CVE-2018-12396

Summary

A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 60.3affected
MozillaFirefoxunspecified < 63affected

Weaknesses

  • WebExtension content scripts can execute in disallowed contexts

ADP Enrichment

CVE Program Container

Additional References

References