CVE-2018-5165
MEDIUMFirefox < 60.0 - Incorrect Adobe Flash Protected Mode Setting Display
Title source: llmDescription
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60.
References (4)
Core 4
Core References
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1451452
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2018-11/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040896
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104139
Scores
CVSS v3
5.3
EPSS
0.0077
EPSS Percentile
73.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
Status
published
Products (1)
mozilla/firefox
< 60.0
Published
Jun 11, 2018
Tracked Since
Feb 18, 2026