CVE-2018-12396
N/A
N/A
Summary
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox ESR | unspecified < 60.3 | affected |
| Mozilla | Firefox | unspecified < 63 | affected |
Weaknesses
- WebExtension content scripts can execute in disallowed contexts
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1483602
- https://www.debian.org/security/2018/dsa-4324
- https://www.mozilla.org/security/advisories/mfsa2018-26/
- https://security.gentoo.org/glsa/201811-04
- https://www.mozilla.org/security/advisories/mfsa2018-27/
- https://access.redhat.com/errata/RHSA-2018:3005
- http://www.securityfocus.com/bid/105718
- https://access.redhat.com/errata/RHSA-2018:3006
- https://usn.ubuntu.com/3801-1/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html
- http://www.securitytracker.com/id/1041944
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1483602
- https://www.debian.org/security/2018/dsa-4324
- https://www.mozilla.org/security/advisories/mfsa2018-26/
- https://security.gentoo.org/glsa/201811-04
- https://www.mozilla.org/security/advisories/mfsa2018-27/
- https://access.redhat.com/errata/RHSA-2018:3005
- http://www.securityfocus.com/bid/105718
- https://access.redhat.com/errata/RHSA-2018:3006
- https://usn.ubuntu.com/3801-1/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html
- http://www.securitytracker.com/id/1041944
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.