CVE-2018-5135 Information

Description

WebExtensions can bypass normal restrictions in some circumstances and use \browser.tabs.executeScript\ to inject scripts into contexts where this should not be allowed such as pages from other WebExtensions or unprivileged \about:\ pages. This vulnerability affects Firefox 59.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

http://www.securityfocus.com/bid/103386 http://www.securitytracker.com/id/1040514 https://bugzilla.mozilla.org/show_bug.cgi?id=1431371 https://usn.ubuntu.com/3596-1/ https://www.mozilla.org/security/advisories/mfsa2018-06/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

7.5