CVE-2018-18496

HIGH Year: 2018
CVSS v3 Score
8.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-1021
View all →

Vulnerability Description

When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox < 64.

Related Vulnerabilities

CVE-2024-10004

CRITICAL
CVSS:9.1(Critical)

Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This ...

CWE-10212024

CVE-2022-1803

HIGH
CVSS:8.4(High)

Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2.

CWE-10212022

CVE-2023-1362

HIGH
CVSS:8.4(High)

Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2.

CWE-10212023

CVE-2019-16371

HIGH
CVSS:8.2(High)

LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be b...

CWE-10212019

CVE-2021-44683

HIGH
CVSS:8.2(High)

The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by trickin...

CWE-10212021