CVE-2018-5115 Information

Description

If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third-party site. This vulnerability affects Firefox < 58.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/102786
http://www.securitytracker.com/id/1040270
https://bugzilla.mozilla.org/show_bug.cgi?id=1409449
https://usn.ubuntu.com/3544-1/
https://www.mozilla.org/security/advisories/mfsa2018-02/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
