CVE-2018-5124
Publication date 30 January 2018
Last updated 25 August 2025
Ubuntu priority
Description
Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| firefox | 18.04 LTS bionic |
Fixed 59.0.1+build1-0ubuntu1
|
| 16.04 LTS xenial |
Fixed 58.0.1+build1-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty |
Fixed 58.0.1+build1-0ubuntu0.14.04.1
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.1 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Changed |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-3552-1
- Firefox vulnerability
- 31 January 2018