Vulnerability Description
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 60.0 |
References
- http://www.securityfocus.com/bid/104139Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040896Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1451452ExploitIssue TrackingPatch
- https://www.mozilla.org/security/advisories/mfsa2018-11/Vendor Advisory
- http://www.securityfocus.com/bid/104139Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040896Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1451452ExploitIssue TrackingPatch
- https://www.mozilla.org/security/advisories/mfsa2018-11/Vendor Advisory
FAQ
What is CVE-2018-5165?
CVE-2018-5165 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed sta...
How severe is CVE-2018-5165?
CVE-2018-5165 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5165?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.