Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:alpm/archlinux/firefox@60.0-1

Type alpm

Namespace archlinux

Name firefox

Version 60.0-1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 61.0-1

Latest_non_vulnerable_version 101.0-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1njr-8t2z-13ex

vulnerability_id VCID-1njr-8t2z-13ex

summary If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5163.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5163.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5163

reference_id

reference_type

scores

value	0.0198
scoring_system	epss
scoring_elements	0.83506
published_at	2026-04-01T12:55:00Z

value	0.0198
scoring_system	epss
scoring_elements	0.83606
published_at	2026-04-21T12:55:00Z

value	0.0198
scoring_system	epss
scoring_elements	0.83581
published_at	2026-04-11T12:55:00Z

value	0.0198
scoring_system	epss
scoring_elements	0.83575
published_at	2026-04-12T12:55:00Z

value	0.0198
scoring_system	epss
scoring_elements	0.83571
published_at	2026-04-13T12:55:00Z

value	0.0198
scoring_system	epss
scoring_elements	0.83605
published_at	2026-04-18T12:55:00Z

value	0.0198
scoring_system	epss
scoring_elements	0.83518
published_at	2026-04-02T12:55:00Z

value	0.0198
scoring_system	epss
scoring_elements	0.83532
published_at	2026-04-04T12:55:00Z

value	0.0198
scoring_system	epss
scoring_elements	0.83533
published_at	2026-04-07T12:55:00Z

value	0.0198
scoring_system	epss
scoring_elements	0.83557
published_at	2026-04-08T12:55:00Z

value	0.0198
scoring_system	epss
scoring_elements	0.83566
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5163

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1426353
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1426353

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576262
reference_id	1576262
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576262

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5163

reference_id

CVE-2018-5163

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5163

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5163

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1njr-8t2z-13ex

url VCID-2mf4-kpr7-3kcu

vulnerability_id VCID-2mf4-kpr7-3kcu

summary If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5153.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5153.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5153

reference_id

reference_type

scores

value	0.01246
scoring_system	epss
scoring_elements	0.79252
published_at	2026-04-01T12:55:00Z

value	0.01246
scoring_system	epss
scoring_elements	0.79325
published_at	2026-04-21T12:55:00Z

value	0.01246
scoring_system	epss
scoring_elements	0.79311
published_at	2026-04-12T12:55:00Z

value	0.01246
scoring_system	epss
scoring_elements	0.793
published_at	2026-04-13T12:55:00Z

value	0.01246
scoring_system	epss
scoring_elements	0.79328
published_at	2026-04-16T12:55:00Z

value	0.01246
scoring_system	epss
scoring_elements	0.79324
published_at	2026-04-18T12:55:00Z

value	0.01246
scoring_system	epss
scoring_elements	0.79259
published_at	2026-04-02T12:55:00Z

value	0.01246
scoring_system	epss
scoring_elements	0.79283
published_at	2026-04-04T12:55:00Z

value	0.01246
scoring_system	epss
scoring_elements	0.79268
published_at	2026-04-07T12:55:00Z

value	0.01246
scoring_system	epss
scoring_elements	0.79294
published_at	2026-04-08T12:55:00Z

value	0.01246
scoring_system	epss
scoring_elements	0.79303
published_at	2026-04-09T12:55:00Z

value	0.01246
scoring_system	epss
scoring_elements	0.79327
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5153

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1436809
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1436809

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576253
reference_id	1576253
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576253

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5153

reference_id

CVE-2018-5153

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5153

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5153

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2mf4-kpr7-3kcu

url VCID-4trh-3k93-97br

vulnerability_id VCID-4trh-3k93-97br

summary The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including javascript: links. If a JSON file contains malicious JavaScript script embedded as javascript: links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5176.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5176.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5176

reference_id

reference_type

scores

value	0.00387
scoring_system	epss
scoring_elements	0.59697
published_at	2026-04-01T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59843
published_at	2026-04-21T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59833
published_at	2026-04-12T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59815
published_at	2026-04-13T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59853
published_at	2026-04-16T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.5986
published_at	2026-04-18T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59771
published_at	2026-04-02T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59795
published_at	2026-04-04T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59764
published_at	2026-04-07T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59816
published_at	2026-04-08T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.59829
published_at	2026-04-09T12:55:00Z

value	0.00387
scoring_system	epss
scoring_elements	0.5985
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5176

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1442840
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1442840

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576276
reference_id	1576276
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576276

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5176

reference_id

CVE-2018-5176

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5176

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5176

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4trh-3k93-97br

url VCID-4znr-5fxr-qqhc

vulnerability_id VCID-4znr-5fxr-qqhc

summary A mechanism to bypass Content Security Policy (CSP) protections on sites that have a script-src policy of 'strict-dynamic'. If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the require.js library that is part of Firefox’s Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5175.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5175.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5175

reference_id

reference_type

scores

value	0.00574
scoring_system	epss
scoring_elements	0.68649
published_at	2026-04-01T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68743
published_at	2026-04-21T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68741
published_at	2026-04-12T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68712
published_at	2026-04-13T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68754
published_at	2026-04-16T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68765
published_at	2026-04-18T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68667
published_at	2026-04-02T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68686
published_at	2026-04-04T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68663
published_at	2026-04-07T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68714
published_at	2026-04-08T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68733
published_at	2026-04-09T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68755
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5175

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1432358
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1432358

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576275
reference_id	1576275
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576275

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5175

reference_id

CVE-2018-5175

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5175

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5175

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4znr-5fxr-qqhc

url VCID-7ksf-b6g3-ukcc

vulnerability_id VCID-7ksf-b6g3-ukcc

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url	https://access.redhat.com/errata/RHSA-2018:1414
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1414

reference_url	https://access.redhat.com/errata/RHSA-2018:1415
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1415

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5155.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5155.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5155

reference_id

reference_type

scores

value	0.02921
scoring_system	epss
scoring_elements	0.86409
published_at	2026-04-21T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86359
published_at	2026-04-07T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86378
published_at	2026-04-08T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86388
published_at	2026-04-09T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86401
published_at	2026-04-11T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.864
published_at	2026-04-12T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86394
published_at	2026-04-13T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86411
published_at	2026-04-16T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86416
published_at	2026-04-18T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86329
published_at	2026-04-01T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.8634
published_at	2026-04-02T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86358
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5155

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1448774
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1448774

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5161
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5161

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5162
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5162

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5184
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5184

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5185
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5185

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html

reference_url	https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html

reference_url	https://security.gentoo.org/glsa/201810-01
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201810-01

reference_url	https://www.debian.org/security/2018/dsa-4199
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4199

reference_url	https://www.debian.org/security/2018/dsa-4209
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4209

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-12/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-12/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-13/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-13/

reference_url	http://www.securityfocus.com/bid/104136
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104136

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576257
reference_id	1576257
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576257

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url	https://security.archlinux.org/ASA-201805-21
reference_id	ASA-201805-21
reference_type
scores
url	https://security.archlinux.org/ASA-201805-21

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url

https://security.archlinux.org/AVG-707

reference_id

AVG-707

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-707

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird_esr::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird_esr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird_esr::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5155

reference_id

CVE-2018-5155

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5155

reference_url	https://security.gentoo.org/glsa/201811-13
reference_id	GLSA-201811-13
reference_type
scores
url	https://security.gentoo.org/glsa/201811-13

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_id

mfsa2018-12

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-13

reference_id

mfsa2018-13

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-13

reference_url	https://access.redhat.com/errata/RHSA-2018:1725
reference_id	RHSA-2018:1725
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1725

reference_url	https://access.redhat.com/errata/RHSA-2018:1726
reference_id	RHSA-2018:1726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1726

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

reference_url	https://usn.ubuntu.com/3660-1/
reference_id	USN-3660-1
reference_type
scores
url	https://usn.ubuntu.com/3660-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5155

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ksf-b6g3-ukcc

url VCID-8vn5-q4h7-ffa6

vulnerability_id VCID-8vn5-q4h7-ffa6

summary If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent file: URL.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5182.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5182.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5182

reference_id

reference_type

scores

value	0.01014
scoring_system	epss
scoring_elements	0.77082
published_at	2026-04-01T12:55:00Z

value	0.01014
scoring_system	epss
scoring_elements	0.77176
published_at	2026-04-21T12:55:00Z

value	0.01014
scoring_system	epss
scoring_elements	0.77148
published_at	2026-04-12T12:55:00Z

value	0.01014
scoring_system	epss
scoring_elements	0.77144
published_at	2026-04-13T12:55:00Z

value	0.01014
scoring_system	epss
scoring_elements	0.77185
published_at	2026-04-16T12:55:00Z

value	0.01014
scoring_system	epss
scoring_elements	0.77186
published_at	2026-04-18T12:55:00Z

value	0.01014
scoring_system	epss
scoring_elements	0.77088
published_at	2026-04-02T12:55:00Z

value	0.01014
scoring_system	epss
scoring_elements	0.77117
published_at	2026-04-04T12:55:00Z

value	0.01014
scoring_system	epss
scoring_elements	0.77099
published_at	2026-04-07T12:55:00Z

value	0.01014
scoring_system	epss
scoring_elements	0.77133
published_at	2026-04-08T12:55:00Z

value	0.01014
scoring_system	epss
scoring_elements	0.77142
published_at	2026-04-09T12:55:00Z

value	0.01014
scoring_system	epss
scoring_elements	0.7717
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5182

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1435908
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1435908

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576281
reference_id	1576281
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576281

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5182

reference_id

CVE-2018-5182

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5182

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5182

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8vn5-q4h7-ffa6

url VCID-95qq-zty2-2qa8

vulnerability_id VCID-95qq-zty2-2qa8

summary A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5180.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5180.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5180

reference_id

reference_type

scores

value	0.01761
scoring_system	epss
scoring_elements	0.82542
published_at	2026-04-01T12:55:00Z

value	0.01761
scoring_system	epss
scoring_elements	0.8265
published_at	2026-04-21T12:55:00Z

value	0.01761
scoring_system	epss
scoring_elements	0.82619
published_at	2026-04-11T12:55:00Z

value	0.01761
scoring_system	epss
scoring_elements	0.82613
published_at	2026-04-12T12:55:00Z

value	0.01761
scoring_system	epss
scoring_elements	0.82608
published_at	2026-04-13T12:55:00Z

value	0.01761
scoring_system	epss
scoring_elements	0.82646
published_at	2026-04-18T12:55:00Z

value	0.01761
scoring_system	epss
scoring_elements	0.82556
published_at	2026-04-02T12:55:00Z

value	0.01761
scoring_system	epss
scoring_elements	0.82571
published_at	2026-04-04T12:55:00Z

value	0.01761
scoring_system	epss
scoring_elements	0.82567
published_at	2026-04-07T12:55:00Z

value	0.01761
scoring_system	epss
scoring_elements	0.82593
published_at	2026-04-08T12:55:00Z

value	0.01761
scoring_system	epss
scoring_elements	0.82601
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5180

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1444086
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1444086

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576279
reference_id	1576279
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576279

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5180

reference_id

CVE-2018-5180

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5180

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5180

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95qq-zty2-2qa8

url VCID-d4bx-x9pb-8kfx

vulnerability_id VCID-d4bx-x9pb-8kfx

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url	https://access.redhat.com/errata/RHSA-2018:1414
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1414

reference_url	https://access.redhat.com/errata/RHSA-2018:1415
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1415

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5150.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5150.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5150

reference_id

reference_type

scores

value	0.03916
scoring_system	epss
scoring_elements	0.88312
published_at	2026-04-21T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88315
published_at	2026-04-16T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88246
published_at	2026-04-01T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88302
published_at	2026-04-13T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.8831
published_at	2026-04-11T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.883
published_at	2026-04-09T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88294
published_at	2026-04-08T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88274
published_at	2026-04-07T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88269
published_at	2026-04-04T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88254
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5150

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388020%2C1433609%2C1409440%2C1448705%2C1451376%2C1452202%2C1444668%2C1393367%2C1411415%2C1426129
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388020%2C1433609%2C1409440%2C1448705%2C1451376%2C1452202%2C1444668%2C1393367%2C1411415%2C1426129

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5161
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5161

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5162
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5162

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5184
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5184

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5185
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5185

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html

reference_url	https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html

reference_url	https://security.gentoo.org/glsa/201810-01
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201810-01

reference_url	https://www.debian.org/security/2018/dsa-4199
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4199

reference_url	https://www.debian.org/security/2018/dsa-4209
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4209

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-12/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-12/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-13/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-13/

reference_url	http://www.securityfocus.com/bid/104136
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104136

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576250
reference_id	1576250
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576250

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url	https://security.archlinux.org/ASA-201805-21
reference_id	ASA-201805-21
reference_type
scores
url	https://security.archlinux.org/ASA-201805-21

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url

https://security.archlinux.org/AVG-707

reference_id

AVG-707

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-707

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird_esr::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird_esr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird_esr::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5150

reference_id

CVE-2018-5150

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5150

reference_url	https://security.gentoo.org/glsa/201811-13
reference_id	GLSA-201811-13
reference_type
scores
url	https://security.gentoo.org/glsa/201811-13

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_id

mfsa2018-12

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-13

reference_id

mfsa2018-13

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-13

reference_url	https://access.redhat.com/errata/RHSA-2018:1725
reference_id	RHSA-2018:1725
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1725

reference_url	https://access.redhat.com/errata/RHSA-2018:1726
reference_id	RHSA-2018:1726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1726

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

reference_url	https://usn.ubuntu.com/3660-1/
reference_id	USN-3660-1
reference_type
scores
url	https://usn.ubuntu.com/3660-1/

reference_url	https://usn.ubuntu.com/3688-1/
reference_id	USN-3688-1
reference_type
scores
url	https://usn.ubuntu.com/3688-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5150

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4bx-x9pb-8kfx

url VCID-ewqm-puf8-hkbv

vulnerability_id VCID-ewqm-puf8-hkbv

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url	https://access.redhat.com/errata/RHSA-2018:1414
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1414

reference_url	https://access.redhat.com/errata/RHSA-2018:1415
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1415

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5168.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5168.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5168

reference_id

reference_type

scores

value	0.01032
scoring_system	epss
scoring_elements	0.7737
published_at	2026-04-21T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77327
published_at	2026-04-08T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77336
published_at	2026-04-09T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77363
published_at	2026-04-11T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77343
published_at	2026-04-12T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77339
published_at	2026-04-13T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77379
published_at	2026-04-16T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77378
published_at	2026-04-18T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77281
published_at	2026-04-01T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77287
published_at	2026-04-02T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77315
published_at	2026-04-04T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77297
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5168

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1449548
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1449548

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5161
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5161

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5162
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5162

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5184
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5184

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5185
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5185

reference_url	https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html

reference_url	https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html

reference_url	https://security.gentoo.org/glsa/201810-01
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201810-01

reference_url	https://www.debian.org/security/2018/dsa-4199
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4199

reference_url	https://www.debian.org/security/2018/dsa-4209
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4209

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-12/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-12/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-13/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-13/

reference_url	http://www.securityfocus.com/bid/104136
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104136

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576269
reference_id	1576269
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576269

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url	https://security.archlinux.org/ASA-201805-21
reference_id	ASA-201805-21
reference_type
scores
url	https://security.archlinux.org/ASA-201805-21

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url

https://security.archlinux.org/AVG-707

reference_id

AVG-707

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-707

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird_esr::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird_esr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird_esr::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5168

reference_id

CVE-2018-5168

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5168

reference_url	https://security.gentoo.org/glsa/201811-13
reference_id	GLSA-201811-13
reference_type
scores
url	https://security.gentoo.org/glsa/201811-13

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_id

mfsa2018-12

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-13

reference_id

mfsa2018-13

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-13

reference_url	https://access.redhat.com/errata/RHSA-2018:1725
reference_id	RHSA-2018:1725
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1725

reference_url	https://access.redhat.com/errata/RHSA-2018:1726
reference_id	RHSA-2018:1726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1726

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

reference_url	https://usn.ubuntu.com/3660-1/
reference_id	USN-3660-1
reference_type
scores
url	https://usn.ubuntu.com/3660-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5168

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewqm-puf8-hkbv

url VCID-g7fw-yt1c-fqht

vulnerability_id VCID-g7fw-yt1c-fqht

summary Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5164.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5164.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5164

reference_id

reference_type

scores

value	0.00374
scoring_system	epss
scoring_elements	0.58955
published_at	2026-04-01T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59074
published_at	2026-04-21T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59093
published_at	2026-04-11T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59056
published_at	2026-04-13T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59091
published_at	2026-04-16T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59096
published_at	2026-04-18T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.5903
published_at	2026-04-02T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59052
published_at	2026-04-04T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59018
published_at	2026-04-07T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59068
published_at	2026-04-08T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59075
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5164

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1416045
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1416045

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576263
reference_id	1576263
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576263

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5164

reference_id

CVE-2018-5164

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5164

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5164

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g7fw-yt1c-fqht

url VCID-geb6-buda-4fdb

vulnerability_id VCID-geb6-buda-4fdb

summary Mozilla developers and community members Christoph Diehl, Christian Holler, Jon Coppeard, Jason Kratzer, Nathan Froyd, Paul Theriault, Ryan VanderMeulen, Tyson Smith, Sebastian Hengst, Byron Campen, Emilio Cobos Álvarez, Ronald Crane, and Phillipp reported memory safety bugs present in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5151.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5151.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5151

reference_id

reference_type

scores

value	0.02742
scoring_system	epss
scoring_elements	0.85998
published_at	2026-04-21T12:55:00Z

value	0.02742
scoring_system	epss
scoring_elements	0.86007
published_at	2026-04-18T12:55:00Z

value	0.0372
scoring_system	epss
scoring_elements	0.87953
published_at	2026-04-07T12:55:00Z

value	0.0372
scoring_system	epss
scoring_elements	0.87926
published_at	2026-04-01T12:55:00Z

value	0.0372
scoring_system	epss
scoring_elements	0.8798
published_at	2026-04-09T12:55:00Z

value	0.0372
scoring_system	epss
scoring_elements	0.87991
published_at	2026-04-11T12:55:00Z

value	0.0372
scoring_system	epss
scoring_elements	0.87984
published_at	2026-04-12T12:55:00Z

value	0.0372
scoring_system	epss
scoring_elements	0.87983
published_at	2026-04-13T12:55:00Z

value	0.0372
scoring_system	epss
scoring_elements	0.87997
published_at	2026-04-16T12:55:00Z

value	0.0372
scoring_system	epss
scoring_elements	0.87936
published_at	2026-04-02T12:55:00Z

value	0.0372
scoring_system	epss
scoring_elements	0.87949
published_at	2026-04-04T12:55:00Z

value	0.0372
scoring_system	epss
scoring_elements	0.87974
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5151

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1445234%2C1449530%2C1437455%2C1447989%2C1438827%2C1436983%2C1435036%2C1440465%2C1439723%2C1448771%2C1453653%2C1454359%2C1432323%2C1454126%2C1436759%2C1439655%2C1448612%2C1449358%2C1367727%2C1452417
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1445234%2C1449530%2C1437455%2C1447989%2C1438827%2C1436983%2C1435036%2C1440465%2C1439723%2C1448771%2C1453653%2C1454359%2C1432323%2C1454126%2C1436759%2C1439655%2C1448612%2C1449358%2C1367727%2C1452417

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576251
reference_id	1576251
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576251

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5151

reference_id

CVE-2018-5151

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5151

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5151

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-geb6-buda-4fdb

url VCID-jtrv-jyme-sybh

vulnerability_id VCID-jtrv-jyme-sybh

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url	https://access.redhat.com/errata/RHSA-2018:1414
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1414

reference_url	https://access.redhat.com/errata/RHSA-2018:1415
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1415

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5159.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5159.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5159

reference_id

reference_type

scores

value	0.37556
scoring_system	epss
scoring_elements	0.97206
published_at	2026-04-21T12:55:00Z

value	0.37556
scoring_system	epss
scoring_elements	0.97177
published_at	2026-04-07T12:55:00Z

value	0.37556
scoring_system	epss
scoring_elements	0.97187
published_at	2026-04-08T12:55:00Z

value	0.37556
scoring_system	epss
scoring_elements	0.97188
published_at	2026-04-09T12:55:00Z

value	0.37556
scoring_system	epss
scoring_elements	0.97192
published_at	2026-04-11T12:55:00Z

value	0.37556
scoring_system	epss
scoring_elements	0.97193
published_at	2026-04-13T12:55:00Z

value	0.37556
scoring_system	epss
scoring_elements	0.97201
published_at	2026-04-16T12:55:00Z

value	0.37556
scoring_system	epss
scoring_elements	0.97203
published_at	2026-04-18T12:55:00Z

value	0.37556
scoring_system	epss
scoring_elements	0.97164
published_at	2026-04-01T12:55:00Z

value	0.37556
scoring_system	epss
scoring_elements	0.9717
published_at	2026-04-02T12:55:00Z

value	0.37556
scoring_system	epss
scoring_elements	0.97176
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5159

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1441941
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1441941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5161
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5161

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5162
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5162

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5184
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5184

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5185
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5185

reference_url	https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html

reference_url	https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html

reference_url	https://security.gentoo.org/glsa/201810-01
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201810-01

reference_url	https://www.debian.org/security/2018/dsa-4199
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4199

reference_url	https://www.debian.org/security/2018/dsa-4209
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4209

reference_url	https://www.exploit-db.com/exploits/44759/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/44759/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-12/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-12/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-13/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-13/

reference_url	http://www.securityfocus.com/bid/104136
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104136

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576260
reference_id	1576260
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576260

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url	https://security.archlinux.org/ASA-201805-21
reference_id	ASA-201805-21
reference_type
scores
url	https://security.archlinux.org/ASA-201805-21

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url

https://security.archlinux.org/AVG-707

reference_id

AVG-707

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-707

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird_esr::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird_esr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird_esr::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url	https://bugs.chromium.org/p/project-zero/issues/detail?id=1541
reference_id	CVE-2018-5159
reference_type	exploit
scores
url	https://bugs.chromium.org/p/project-zero/issues/detail?id=1541

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44759.html
reference_id	CVE-2018-5159
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44759.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5159

reference_id

CVE-2018-5159

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5159

reference_url	https://security.gentoo.org/glsa/201811-13
reference_id	GLSA-201811-13
reference_type
scores
url	https://security.gentoo.org/glsa/201811-13

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_id

mfsa2018-12

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-13

reference_id

mfsa2018-13

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-13

reference_url	https://access.redhat.com/errata/RHSA-2018:1725
reference_id	RHSA-2018:1725
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1725

reference_url	https://access.redhat.com/errata/RHSA-2018:1726
reference_id	RHSA-2018:1726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1726

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

reference_url	https://usn.ubuntu.com/3660-1/
reference_id	USN-3660-1
reference_type
scores
url	https://usn.ubuntu.com/3660-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5159

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jtrv-jyme-sybh

url VCID-kufd-jgaq-jfd2

vulnerability_id VCID-kufd-jgaq-jfd2

summary WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the webRequest API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5152.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5152.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5152

reference_id

reference_type

scores

value	0.00457
scoring_system	epss
scoring_elements	0.63826
published_at	2026-04-01T12:55:00Z

value	0.00457
scoring_system	epss
scoring_elements	0.63939
published_at	2026-04-21T12:55:00Z

value	0.00457
scoring_system	epss
scoring_elements	0.63936
published_at	2026-04-12T12:55:00Z

value	0.00457
scoring_system	epss
scoring_elements	0.63903
published_at	2026-04-13T12:55:00Z

value	0.00457
scoring_system	epss
scoring_elements	0.63938
published_at	2026-04-16T12:55:00Z

value	0.00457
scoring_system	epss
scoring_elements	0.63948
published_at	2026-04-18T12:55:00Z

value	0.00457
scoring_system	epss
scoring_elements	0.63885
published_at	2026-04-02T12:55:00Z

value	0.00457
scoring_system	epss
scoring_elements	0.63912
published_at	2026-04-04T12:55:00Z

value	0.00457
scoring_system	epss
scoring_elements	0.63869
published_at	2026-04-07T12:55:00Z

value	0.00457
scoring_system	epss
scoring_elements	0.6392
published_at	2026-04-08T12:55:00Z

value	0.00457
scoring_system	epss
scoring_elements	0.63937
published_at	2026-04-09T12:55:00Z

value	0.00457
scoring_system	epss
scoring_elements	0.6395
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5152

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1415644
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1415644

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1427289
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1427289

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576252
reference_id	1576252
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576252

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5152

reference_id

CVE-2018-5152

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5152

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5152

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kufd-jgaq-jfd2

url VCID-mfwc-dm4n-vbey

vulnerability_id VCID-mfwc-dm4n-vbey

summary

Code injection
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:1414

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1414

reference_url

https://access.redhat.com/errata/RHSA-2018:1415

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1415

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5158.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5158.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5158

reference_id

reference_type

scores

value	0.4138
scoring_system	epss
scoring_elements	0.97376
published_at	2026-04-01T12:55:00Z

value	0.4138
scoring_system	epss
scoring_elements	0.97382
published_at	2026-04-02T12:55:00Z

value	0.4138
scoring_system	epss
scoring_elements	0.97387
published_at	2026-04-07T12:55:00Z

value	0.4138
scoring_system	epss
scoring_elements	0.97394
published_at	2026-04-08T12:55:00Z

value	0.43031
scoring_system	epss
scoring_elements	0.97497
published_at	2026-04-16T12:55:00Z

value	0.43031
scoring_system	epss
scoring_elements	0.975
published_at	2026-04-21T12:55:00Z

value	0.43031
scoring_system	epss
scoring_elements	0.97486
published_at	2026-04-11T12:55:00Z

value	0.43031
scoring_system	epss
scoring_elements	0.97484
published_at	2026-04-09T12:55:00Z

value	0.43031
scoring_system	epss
scoring_elements	0.97488
published_at	2026-04-12T12:55:00Z

value	0.43031
scoring_system	epss
scoring_elements	0.97489
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5158

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1452075

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1452075

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183

reference_url

https://github.com/mozilla/pdf.js

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mozilla/pdf.js

reference_url

https://github.com/mozilla/pdf.js/commit/2dc4af525d1612c98afcd1e6bee57d4788f78f97

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mozilla/pdf.js/commit/2dc4af525d1612c98afcd1e6bee57d4788f78f97

reference_url

https://github.com/mozilla/pdf.js/pull/9659

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mozilla/pdf.js/pull/9659

reference_url

https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5158

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5158

reference_url

https://security.gentoo.org/glsa/201810-01

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201810-01

reference_url

https://usn.ubuntu.com/3645-1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3645-1

reference_url

https://www.debian.org/security/2018/dsa-4199

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4199

reference_url

https://www.mozilla.org/security/advisories/mfsa2018-11

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/security/advisories/mfsa2018-11

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url

https://www.mozilla.org/security/advisories/mfsa2018-12

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/security/advisories/mfsa2018-12

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-12/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-12/

reference_url

http://www.securityfocus.com/bid/104136

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/104136

reference_url

http://www.securitytracker.com/id/1040896

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576259
reference_id	1576259
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576259

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482
reference_id	926482
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://github.com/advisories/GHSA-7jg2-jgv3-fmr4

reference_id

GHSA-7jg2-jgv3-fmr4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7jg2-jgv3-fmr4

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_id

mfsa2018-12

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5158, GHSA-7jg2-jgv3-fmr4

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mfwc-dm4n-vbey

url VCID-q3au-wru3-pbet

vulnerability_id VCID-q3au-wru3-pbet

summary The filename appearing in the Downloads panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. *Note: the dialog to open the file will show the full, correct filename and whether it is executable or not.*

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5173.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5173.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5173

reference_id

reference_type

scores

value	0.01028
scoring_system	epss
scoring_elements	0.77238
published_at	2026-04-01T12:55:00Z

value	0.01028
scoring_system	epss
scoring_elements	0.77331
published_at	2026-04-21T12:55:00Z

value	0.01028
scoring_system	epss
scoring_elements	0.77302
published_at	2026-04-12T12:55:00Z

value	0.01028
scoring_system	epss
scoring_elements	0.773
published_at	2026-04-13T12:55:00Z

value	0.01028
scoring_system	epss
scoring_elements	0.7734
published_at	2026-04-16T12:55:00Z

value	0.01028
scoring_system	epss
scoring_elements	0.77339
published_at	2026-04-18T12:55:00Z

value	0.01028
scoring_system	epss
scoring_elements	0.77245
published_at	2026-04-02T12:55:00Z

value	0.01028
scoring_system	epss
scoring_elements	0.77273
published_at	2026-04-04T12:55:00Z

value	0.01028
scoring_system	epss
scoring_elements	0.77256
published_at	2026-04-07T12:55:00Z

value	0.01028
scoring_system	epss
scoring_elements	0.77287
published_at	2026-04-08T12:55:00Z

value	0.01028
scoring_system	epss
scoring_elements	0.77296
published_at	2026-04-09T12:55:00Z

value	0.01028
scoring_system	epss
scoring_elements	0.77323
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5173

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1438025
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1438025

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576272
reference_id	1576272
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576272

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5173

reference_id

CVE-2018-5173

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5173

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5173

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q3au-wru3-pbet

url VCID-qvj2-uwha-xff9

vulnerability_id VCID-qvj2-uwha-xff9

summary The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5172.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5172.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5172

reference_id

reference_type

scores

value	0.00694
scoring_system	epss
scoring_elements	0.71846
published_at	2026-04-01T12:55:00Z

value	0.00694
scoring_system	epss
scoring_elements	0.71916
published_at	2026-04-21T12:55:00Z

value	0.00694
scoring_system	epss
scoring_elements	0.7192
published_at	2026-04-11T12:55:00Z

value	0.00694
scoring_system	epss
scoring_elements	0.71902
published_at	2026-04-12T12:55:00Z

value	0.00694
scoring_system	epss
scoring_elements	0.71927
published_at	2026-04-16T12:55:00Z

value	0.00694
scoring_system	epss
scoring_elements	0.71932
published_at	2026-04-18T12:55:00Z

value	0.00694
scoring_system	epss
scoring_elements	0.71855
published_at	2026-04-02T12:55:00Z

value	0.00694
scoring_system	epss
scoring_elements	0.71874
published_at	2026-04-04T12:55:00Z

value	0.00694
scoring_system	epss
scoring_elements	0.71847
published_at	2026-04-07T12:55:00Z

value	0.00694
scoring_system	epss
scoring_elements	0.71885
published_at	2026-04-13T12:55:00Z

value	0.00694
scoring_system	epss
scoring_elements	0.71896
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5172

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1436482
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1436482

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576271
reference_id	1576271
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576271

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5172

reference_id

CVE-2018-5172

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5172

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5172

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvj2-uwha-xff9

url VCID-rjjb-7ycx-cuaa

vulnerability_id VCID-rjjb-7ycx-cuaa

summary If manipulated hyperlinked text with chrome: URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5169.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5169.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5169

reference_id

reference_type

scores

value	0.00587
scoring_system	epss
scoring_elements	0.69028
published_at	2026-04-01T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69121
published_at	2026-04-21T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69122
published_at	2026-04-12T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69093
published_at	2026-04-13T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69133
published_at	2026-04-16T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69142
published_at	2026-04-18T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69045
published_at	2026-04-02T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69066
published_at	2026-04-04T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69046
published_at	2026-04-07T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69096
published_at	2026-04-08T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69115
published_at	2026-04-09T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69138
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5169

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1319157
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1319157

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576270
reference_id	1576270
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576270

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5169

reference_id

CVE-2018-5169

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5169

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5169

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rjjb-7ycx-cuaa

url VCID-rpj2-156g-aqcu

vulnerability_id VCID-rpj2-156g-aqcu

summary The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display chrome: links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display javascript: links, which users could be tricked into clicking by malicious sites.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5167.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5167.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5167

reference_id

reference_type

scores

value	0.00646
scoring_system	epss
scoring_elements	0.70633
published_at	2026-04-01T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70728
published_at	2026-04-21T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70713
published_at	2026-04-12T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70698
published_at	2026-04-13T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70743
published_at	2026-04-16T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.7075
published_at	2026-04-18T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70648
published_at	2026-04-02T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70667
published_at	2026-04-04T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70645
published_at	2026-04-07T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.7069
published_at	2026-04-08T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.70707
published_at	2026-04-09T12:55:00Z

value	0.00646
scoring_system	epss
scoring_elements	0.7073
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5167

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1447969
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1447969

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576268
reference_id	1576268
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576268

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5167

reference_id

CVE-2018-5167

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5167

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5167

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rpj2-156g-aqcu

url VCID-tkmh-549z-4qhd

vulnerability_id VCID-tkmh-549z-4qhd

summary WebExtensions can use request redirection and a filterReponseData filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5166.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5166.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5166

reference_id

reference_type

scores

value	0.00752
scoring_system	epss
scoring_elements	0.73134
published_at	2026-04-01T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.73233
published_at	2026-04-21T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.73194
published_at	2026-04-12T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.73188
published_at	2026-04-13T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.73231
published_at	2026-04-16T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.7324
published_at	2026-04-18T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.73144
published_at	2026-04-02T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.73165
published_at	2026-04-04T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.73139
published_at	2026-04-07T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.73175
published_at	2026-04-08T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.73189
published_at	2026-04-09T12:55:00Z

value	0.00752
scoring_system	epss
scoring_elements	0.73213
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5166

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1437325
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1437325

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576267
reference_id	1576267
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576267

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5166

reference_id

CVE-2018-5166

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5166

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5166

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tkmh-549z-4qhd

url VCID-v96d-equt-6bay

vulnerability_id VCID-v96d-equt-6bay

summary If a URL using the file: protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the noopener keyword.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5181.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5181.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5181

reference_id

reference_type

scores

value	0.01262
scoring_system	epss
scoring_elements	0.79379
published_at	2026-04-01T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79461
published_at	2026-04-21T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79439
published_at	2026-04-12T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79429
published_at	2026-04-13T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79459
published_at	2026-04-16T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79458
published_at	2026-04-18T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79386
published_at	2026-04-02T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79409
published_at	2026-04-04T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79396
published_at	2026-04-07T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79423
published_at	2026-04-08T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79433
published_at	2026-04-09T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79456
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5181

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1424107
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1424107

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576280
reference_id	1576280
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576280

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5181

reference_id

CVE-2018-5181

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5181

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5181

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v96d-equt-6bay

url VCID-w3wj-w2gp-kqh4

vulnerability_id VCID-w3wj-w2gp-kqh4

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url	https://access.redhat.com/errata/RHSA-2018:1414
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1414

reference_url	https://access.redhat.com/errata/RHSA-2018:1415
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1415

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5157.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5157.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5157

reference_id

reference_type

scores

value	0.00587
scoring_system	epss
scoring_elements	0.69125
published_at	2026-04-21T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69142
published_at	2026-04-11T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69126
published_at	2026-04-12T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69097
published_at	2026-04-13T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69136
published_at	2026-04-16T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69146
published_at	2026-04-18T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69031
published_at	2026-04-01T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69048
published_at	2026-04-02T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69069
published_at	2026-04-04T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.6905
published_at	2026-04-07T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.691
published_at	2026-04-08T12:55:00Z

value	0.00587
scoring_system	epss
scoring_elements	0.69119
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5157

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1449898
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1449898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183

reference_url	https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html

reference_url	https://security.gentoo.org/glsa/201810-01
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201810-01

reference_url	https://www.debian.org/security/2018/dsa-4199
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4199

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-12/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-12/

reference_url	http://www.securityfocus.com/bid/104136
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104136

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576258
reference_id	1576258
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576258

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5157

reference_id

CVE-2018-5157

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5157

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_id

mfsa2018-12

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5157

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w3wj-w2gp-kqh4

url VCID-w41h-2xyb-h3fj

vulnerability_id VCID-w41h-2xyb-h3fj

summary A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5177.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5177.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5177

reference_id

reference_type

scores

value	0.00303
scoring_system	epss
scoring_elements	0.53544
published_at	2026-04-02T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53522
published_at	2026-04-01T12:55:00Z

value	0.00917
scoring_system	epss
scoring_elements	0.75941
published_at	2026-04-21T12:55:00Z

value	0.00917
scoring_system	epss
scoring_elements	0.75922
published_at	2026-04-12T12:55:00Z

value	0.00917
scoring_system	epss
scoring_elements	0.75915
published_at	2026-04-13T12:55:00Z

value	0.00917
scoring_system	epss
scoring_elements	0.75953
published_at	2026-04-16T12:55:00Z

value	0.00917
scoring_system	epss
scoring_elements	0.75955
published_at	2026-04-18T12:55:00Z

value	0.00917
scoring_system	epss
scoring_elements	0.75896
published_at	2026-04-04T12:55:00Z

value	0.00917
scoring_system	epss
scoring_elements	0.75876
published_at	2026-04-07T12:55:00Z

value	0.00917
scoring_system	epss
scoring_elements	0.75908
published_at	2026-04-08T12:55:00Z

value	0.00917
scoring_system	epss
scoring_elements	0.75921
published_at	2026-04-09T12:55:00Z

value	0.00917
scoring_system	epss
scoring_elements	0.75944
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5177

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1451908
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1451908

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576277
reference_id	1576277
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576277

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5177

reference_id

CVE-2018-5177

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5177

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5177

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w41h-2xyb-h3fj

url VCID-w44w-qwmk-mbbd

vulnerability_id VCID-w44w-qwmk-mbbd

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url	https://access.redhat.com/errata/RHSA-2018:1414
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1414

reference_url	https://access.redhat.com/errata/RHSA-2018:1415
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1415

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5154.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5154.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5154

reference_id

reference_type

scores

value	0.02921
scoring_system	epss
scoring_elements	0.86409
published_at	2026-04-21T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86378
published_at	2026-04-08T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86388
published_at	2026-04-09T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86401
published_at	2026-04-11T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.864
published_at	2026-04-12T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86394
published_at	2026-04-13T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86411
published_at	2026-04-16T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86416
published_at	2026-04-18T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86329
published_at	2026-04-01T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.8634
published_at	2026-04-02T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86358
published_at	2026-04-04T12:55:00Z

value	0.02921
scoring_system	epss
scoring_elements	0.86359
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5154

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1443092
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1443092

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5161
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5161

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5162
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5162

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5184
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5184

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5185
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5185

reference_url	https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html

reference_url	https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html

reference_url	https://security.gentoo.org/glsa/201810-01
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201810-01

reference_url	https://www.debian.org/security/2018/dsa-4199
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4199

reference_url	https://www.debian.org/security/2018/dsa-4209
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4209

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-12/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-12/

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-13/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-13/

reference_url	http://www.securityfocus.com/bid/104136
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104136

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576255
reference_id	1576255
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576255

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url	https://security.archlinux.org/ASA-201805-21
reference_id	ASA-201805-21
reference_type
scores
url	https://security.archlinux.org/ASA-201805-21

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url

https://security.archlinux.org/AVG-707

reference_id

AVG-707

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-707

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird_esr::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird_esr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird_esr::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5154

reference_id

CVE-2018-5154

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5154

reference_url	https://security.gentoo.org/glsa/201811-13
reference_id	GLSA-201811-13
reference_type
scores
url	https://security.gentoo.org/glsa/201811-13

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_id

mfsa2018-12

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-13

reference_id

mfsa2018-13

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-13

reference_url	https://access.redhat.com/errata/RHSA-2018:1725
reference_id	RHSA-2018:1725
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1725

reference_url	https://access.redhat.com/errata/RHSA-2018:1726
reference_id	RHSA-2018:1726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1726

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

reference_url	https://usn.ubuntu.com/3660-1/
reference_id	USN-3660-1
reference_type
scores
url	https://usn.ubuntu.com/3660-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5154

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w44w-qwmk-mbbd

url VCID-zxn1-pdzk-sfdb

vulnerability_id VCID-zxn1-pdzk-sfdb

summary WebRTC can use a WrappedI420Buffer pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5160.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5160.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5160

reference_id

reference_type

scores

value	0.02374
scoring_system	epss
scoring_elements	0.8489
published_at	2026-04-01T12:55:00Z

value	0.02374
scoring_system	epss
scoring_elements	0.84987
published_at	2026-04-21T12:55:00Z

value	0.02374
scoring_system	epss
scoring_elements	0.84972
published_at	2026-04-12T12:55:00Z

value	0.02374
scoring_system	epss
scoring_elements	0.84967
published_at	2026-04-13T12:55:00Z

value	0.02374
scoring_system	epss
scoring_elements	0.84989
published_at	2026-04-16T12:55:00Z

value	0.02374
scoring_system	epss
scoring_elements	0.8499
published_at	2026-04-18T12:55:00Z

value	0.02374
scoring_system	epss
scoring_elements	0.84905
published_at	2026-04-02T12:55:00Z

value	0.02374
scoring_system	epss
scoring_elements	0.84923
published_at	2026-04-04T12:55:00Z

value	0.02374
scoring_system	epss
scoring_elements	0.84928
published_at	2026-04-07T12:55:00Z

value	0.02374
scoring_system	epss
scoring_elements	0.84951
published_at	2026-04-08T12:55:00Z

value	0.02374
scoring_system	epss
scoring_elements	0.84957
published_at	2026-04-09T12:55:00Z

value	0.02374
scoring_system	epss
scoring_elements	0.84974
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5160

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1436117
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1436117

reference_url	https://www.mozilla.org/security/advisories/mfsa2018-11/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2018-11/

reference_url	http://www.securityfocus.com/bid/104139
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104139

reference_url	http://www.securitytracker.com/id/1040896
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1576261
reference_id	1576261
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1576261

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5160

reference_id

CVE-2018-5160

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5160

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url	https://usn.ubuntu.com/3645-1/
reference_id	USN-3645-1
reference_type
scores
url	https://usn.ubuntu.com/3645-1/

fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

aliases CVE-2018-5160

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxn1-pdzk-sfdb

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

Package Instance