Vulnerability Description
WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 59.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103386Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040514Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1431371Permissions Required
- https://usn.ubuntu.com/3596-1/Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-06/Vendor Advisory
- http://www.securityfocus.com/bid/103386Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040514Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1431371Permissions Required
- https://usn.ubuntu.com/3596-1/Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-06/Vendor Advisory
FAQ
What is CVE-2018-5135?
CVE-2018-5135 is a vulnerability with a CVSS score of 7.5 (HIGH). WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebEx...
How severe is CVE-2018-5135?
CVE-2018-5135 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5135?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.