CVE-2018-5167 log

Severity Medium
Remote Yes
Type Content spoofing
The web console and JavaScript debugger in Firefox < 6.0.0 do not sanitize all output that can be hyperlinked. Both will display chrome: links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display javascript: links, which users could be tricked into clicking by malicious sites.
Group Package Affected Fixed Severity Status Ticket
AVG-693 firefox 59.0.2-3 60.0-1 Critical Fixed
Date Advisory Group Package Severity Type
13 May 2018 ASA-201805-10 AVG-693 firefox Critical multiple issues