CVE-2018-18495

EUVD-2018-10220
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
< 64.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firefox
sid
132.0.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
bionic
Fixed 64.0+build3-0ubuntu0.18.04.1
released
cosmic
Fixed 64.0+build3-0ubuntu0.18.10.1
released
trusty
Fixed 64.0+build3-0ubuntu0.14.04.1
released
xenial
Fixed 64.0+build3-0ubuntu0.16.04.1
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106167
https://bugzilla.mozilla.org/show_bug.cgi?id=1427585
https://usn.ubuntu.com/3844-1/
https://www.mozilla.org/security/advisories/mfsa2018-29/
http://www.securityfocus.com/bid/106167
https://bugzilla.mozilla.org/show_bug.cgi?id=1427585
https://usn.ubuntu.com/3844-1/
https://www.mozilla.org/security/advisories/mfsa2018-29/