CVE-2018-5135
N/A
N/A
Summary
WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 59 | affected |
Weaknesses
- WebExtension browserAction can inject scripts into unintended contexts
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/103386
- https://bugzilla.mozilla.org/show_bug.cgi?id=1431371
- http://www.securitytracker.com/id/1040514
- https://usn.ubuntu.com/3596-1/
- https://www.mozilla.org/security/advisories/mfsa2018-06/
References
- http://www.securityfocus.com/bid/103386
- https://bugzilla.mozilla.org/show_bug.cgi?id=1431371
- http://www.securitytracker.com/id/1040514
- https://usn.ubuntu.com/3596-1/
- https://www.mozilla.org/security/advisories/mfsa2018-06/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.