Oval Definition:oval:org.opensuse.security:def:20185143
Revision Date:2022-06-30Version:1
Title:CVE-2018-5143
Description:

URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox < 59.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-5143
Mitre CVE-2018-5143
SUSE CVE-2018-5143
Platform(s):openSUSE Leap 15.0
openSUSE Tumbleweed
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • MozillaFirefox-60.0-lp150.2 is installed
  • AND MozillaFirefox is signed with openSUSE key
  • OR
  • MozillaFirefox-translations-common-60.0-lp150.2 is installed
  • AND MozillaFirefox-translations-common is signed with openSUSE key
  • OR
  • MozillaFirefox-translations-other-60.0-lp150.2 is installed
  • AND MozillaFirefox-translations-other is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • MozillaFirefox-92.0-1.2 is installed
  • OR MozillaFirefox-branding-upstream-92.0-1.2 is installed
  • OR MozillaFirefox-devel-92.0-1.2 is installed
  • OR MozillaFirefox-translations-common-92.0-1.2 is installed
  • OR MozillaFirefox-translations-other-92.0-1.2 is installed
    • BACK