CVE-2018-18495

WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
mozillaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
mozillafirefox
𝑥
< 64.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firefox
sid
132.0.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
cosmic
Fixed 64.0+build3-0ubuntu0.18.10.1
released
bionic
Fixed 64.0+build3-0ubuntu0.18.04.1
released
xenial
Fixed 64.0+build3-0ubuntu0.16.04.1
released
trusty
Fixed 64.0+build3-0ubuntu0.14.04.1
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106167
https://bugzilla.mozilla.org/show_bug.cgi?id=1427585
https://usn.ubuntu.com/3844-1/
https://www.mozilla.org/security/advisories/mfsa2018-29/
http://www.securityfocus.com/bid/106167
https://bugzilla.mozilla.org/show_bug.cgi?id=1427585
https://usn.ubuntu.com/3844-1/
https://www.mozilla.org/security/advisories/mfsa2018-29/