CVE-2018-5118

{"id": "CVE-2018-5118", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2018-06-11T21:29:13.623", "references": [{"url": "http://www.securityfocus.com/bid/102786", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@mozilla.org"}, {"url": "http://www.securitytracker.com/id/1040270", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1420049", "tags": ["Issue Tracking"], "source": "security@mozilla.org"}, {"url": "https://usn.ubuntu.com/3544-1/", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2018-02/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through \"file:\" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58."}, {"lang": "es", "value": "Las im\u00e1genes de captura de pantalla que se muestran en la p\u00e1gina Activity Stream que aparece cuando se abre una nueva pesta\u00f1a se crean a partir de las etiquetas meta de los sitios web. Se descubri\u00f3 un problema en el que la p\u00e1gina podr\u00eda intentar crear estas im\u00e1genes a trav\u00e9s de URL \"file:\" desde el sistema de archivos local. Esta carga es bloqueada por el sandbox, pero podr\u00eda exponer datos locales si se combina con otro ataque que se escapa de las protecciones del sandbox. Esta vulnerabilidad afecta a las versiones anteriores a la 58 de Firefox."}], "lastModified": "2018-06-25T17:25:07.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1725C8A3-FA9C-4A5E-B46F-48FDB429E7EE", "versionEndIncluding": "57.0.4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}