Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/102786 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1040270 | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=1425224 | Issue Tracking Permissions Required |
https://usn.ubuntu.com/3544-1/ | Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2018-02/ | Vendor Advisory |
http://www.securityfocus.com/bid/102786 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1040270 | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=1425224 | Issue Tracking Permissions Required |
https://usn.ubuntu.com/3544-1/ | Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2018-02/ | Vendor Advisory |
Configurations
History
21 Nov 2024, 04:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/102786 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1040270 - Third Party Advisory, VDB Entry | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=1425224 - Issue Tracking, Permissions Required | |
References | () https://usn.ubuntu.com/3544-1/ - Third Party Advisory | |
References | () https://www.mozilla.org/security/advisories/mfsa2018-02/ - Vendor Advisory |
Information
Published : 2018-06-11 21:29
Updated : 2024-11-21 04:08
NVD link : CVE-2018-5112
Mitre link : CVE-2018-5112
CVE.ORG link : CVE-2018-5112
JSON object : View
Products Affected
mozilla
- firefox
canonical
- ubuntu_linux
CWE
CWE-552
Files or Directories Accessible to External Parties