CVE-2018-5112

MEDIUM

Description

Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58.

References

http://www.securityfocus.com/bid/102786

http://www.securitytracker.com/id/1040270

https://bugzilla.mozilla.org/show_bug.cgi?id=1425224

https://usn.ubuntu.com/3544-1/

https://www.mozilla.org/security/advisories/mfsa2018-02/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2019-10-03

Type: CWE-552

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (6 total)

IDNameProductFamilySeverity
700326Mozilla Firefox < 58 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
106790Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : firefox regressions (USN-3544-2)NessusUbuntu Local Security Checks
critical
106347Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : firefox vulnerabilities (USN-3544-1)NessusUbuntu Local Security Checks
critical
106303Mozilla Firefox < 58 Multiple VulnerabilitiesNessusWindows
critical
106301Mozilla Firefox < 58 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
critical
106288FreeBSD : mozilla -- multiple vulnerabilities (a891c5b4-3d7a-4de9-9c71-eef3fd698c77)NessusFreeBSD Local Security Checks
critical