1704188 – (CVE-2018-18510) CVE-2018-18510 firefox: The about:crashcontent and about:crashparent pages can be triggered by web content allowing for a non-persistent DoS attack.

Bug 1704188 (CVE-2018-18510) - CVE-2018-18510 firefox: The about:crashcontent and about:crashparent pages can be triggered by web content allowing for a non-persistent DoS attack.

Summary: CVE-2018-18510 firefox: The about:crashcontent and about:crashparent pages ca...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2018-18510
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1704189
TreeView+	depends on / blocked

Reported:	2019-04-29 09:53 UTC by Marian Rehak
Modified:	2021-02-26 05:51 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2019-04-30 03:56:41 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2019-04-29 09:53:29 UTC

The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a DoS attack by a malicious site which links to these pages. This vulnerability affects Firefox < 64.

External References:

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18510

Comment 1 Doran Moppert 2019-04-30 03:56:44 UTC

Statement:

This vulnerability did not affect the Firefox 60 ESR stream.

Note You need to log in before you can comment on or make changes to this bug.