CVE-2017-5386
N/A
N/A
Summary
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox ESR | unspecified < 45.7 | affected |
| Mozilla | Firefox | unspecified < 51 | affected |
Weaknesses
- WebExtensions can use data: protocol to affect other extensions
ADP Enrichment
CVE Program Container
Additional References
- https://www.mozilla.org/security/advisories/mfsa2017-02/
- https://security.gentoo.org/glsa/201702-22
- https://bugzilla.mozilla.org/show_bug.cgi?id=1319070
- https://www.debian.org/security/2017/dsa-3771
- http://www.securitytracker.com/id/1037693
- https://www.mozilla.org/security/advisories/mfsa2017-01/
- http://rhn.redhat.com/errata/RHSA-2017-0190.html
- http://www.securityfocus.com/bid/95769
References
- https://www.mozilla.org/security/advisories/mfsa2017-02/
- https://security.gentoo.org/glsa/201702-22
- https://bugzilla.mozilla.org/show_bug.cgi?id=1319070
- https://www.debian.org/security/2017/dsa-3771
- http://www.securitytracker.com/id/1037693
- https://www.mozilla.org/security/advisories/mfsa2017-01/
- http://rhn.redhat.com/errata/RHSA-2017-0190.html
- http://www.securityfocus.com/bid/95769
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.