Sites can bypass security checks on permissions to install lightweight themes by manipulating the `baseURI` property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5168
Acknowledgments: Name: the Mozilla project Upstream: Wladimir Palant
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1414
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1415
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1725
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:1726 https://access.redhat.com/errata/RHSA-2018:1726