CVE-2018-18495
N/A
N/A
Summary
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 64 | affected |
Weaknesses
- WebExtension content scripts can be loaded in about: pages
ADP Enrichment
CVE Program Container
Additional References
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1427585
- https://usn.ubuntu.com/3844-1/
- http://www.securityfocus.com/bid/106167
References
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1427585
- https://usn.ubuntu.com/3844-1/
- http://www.securityfocus.com/bid/106167
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.