CVE-2018-5135
Last modified
CVE-2018-5135 is a vulnerability of currently unknown severity. WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59.. EPSS estimates a 1.55% chance of exploitation in the next 30 days.
Description
WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 59.0 |
References
- http://www.securityfocus.com/bid/103386Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040514Third Party Advisory, VDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1431371Permissions Required
- https://usn.ubuntu.com/3596-1/Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-06/Vendor Advisory
- http://www.securityfocus.com/bid/103386Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040514Third Party Advisory, VDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1431371Permissions Required
- https://usn.ubuntu.com/3596-1/Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-06/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-5135?
How severe is CVE-2018-5135?
How do I fix CVE-2018-5135?
Are you affected by CVE-2018-5135?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST