Vulnerability Description
A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 57.0.4 |
| Canonical | Ubuntu Linux | 14.04 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102786Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040270Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1421099Issue TrackingPermissions Required
- https://usn.ubuntu.com/3544-1/Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-02/Vendor Advisory
- http://www.securityfocus.com/bid/102786Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040270Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1421099Issue TrackingPermissions Required
- https://usn.ubuntu.com/3544-1/Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-02/Vendor Advisory
FAQ
What is CVE-2018-5108?
CVE-2018-5108 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allo...
How severe is CVE-2018-5108?
CVE-2018-5108 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5108?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Canonical Ubuntu Linux.