CVE-2018-5166

Summary

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 60affected

Weaknesses

  • WebExtension host permission bypass through filterReponseData

ADP Enrichment

CVE Program Container

Additional References

References