CVE-2018-5106

Summary

Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox < 58.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 58affected

Weaknesses

  • Developer Tools can expose style editor information cross-origin through service worker

ADP Enrichment

CVE Program Container

Additional References

References