CVE-2018-5137

Summary

A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 59affected

Weaknesses

  • Script content can access legacy extension non-contentaccessible resources

ADP Enrichment

CVE Program Container

Additional References

References