CVE-2018-5172 (retired)

The Live Bookmarks page and the PDF viewer can run injected script content
if a user pastes script from the clipboard into them while viewing RSS
feeds or PDF files. This could allow a malicious site to socially engineer
a user to copy and paste malicious script content that could then run with
the context of either page but does not allow for privilege escalation.
This vulnerability affects Firefox < 60.
Upstream:released (60.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (60.0+build2-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (60.0+build2-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (60.0+build2-0ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (60.0+build2-0ubuntu1)
More Information

Updated: 2019-03-26 12:27:30 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)