---

CVE-2018-5168 - log back

CVE-2018-5168 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Access restriction bypass
Description	+ Sites can bypass security checks on permissions to install lightweight themes in Firefox before 60.0 and Thunderbird before 52.8, by manipulating the baseURI property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5168 + https://bugzilla.mozilla.org/show_bug.cgi?id=1449548
Notes