Vulnerability Description
Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 57.0.4 |
| Canonical | Ubuntu Linux | 14.04 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102786Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040270Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1425224Issue TrackingPermissions Required
- https://usn.ubuntu.com/3544-1/Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-02/Vendor Advisory
- http://www.securityfocus.com/bid/102786Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040270Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1425224Issue TrackingPermissions Required
- https://usn.ubuntu.com/3544-1/Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-02/Vendor Advisory
FAQ
What is CVE-2018-5112?
CVE-2018-5112 is a vulnerability with a CVSS score of 7.5 (HIGH). Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could a...
How severe is CVE-2018-5112?
CVE-2018-5112 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5112?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Canonical Ubuntu Linux.