---

CVE-2018-5176 - log back

CVE-2018-5176 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Information disclosure
Description	+ The JSON Viewer in Firefox before 60.0 displays clickable hyperlinks for strings that are parseable as URLs, including javascript: links. If a JSON file contains malicious JavaScript script embedded as javascript: links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5176 + https://bugzilla.mozilla.org/show_bug.cgi?id=1442840
Notes