CVE-2018-5168 log

Source
Severity Medium
Remote Yes
Type Access restriction bypass
Description
Sites can bypass security checks on permissions to install lightweight themes in Firefox before 60.0 and Thunderbird before 52.8, by manipulating the baseURI property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images.
Group Package Affected Fixed Severity Status Ticket
AVG-707 thunderbird 52.7.0-2 52.8.0-1 Critical Fixed
AVG-693 firefox 59.0.2-3 60.0-1 Critical Fixed
Date Advisory Group Package Severity Description
21 May 2018 ASA-201805-21 AVG-707 thunderbird Critical multiple issues
13 May 2018 ASA-201805-10 AVG-693 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5168
https://bugzilla.mozilla.org/show_bug.cgi?id=1449548