WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106167 | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=1427585 | Issue Tracking Permissions Required Vendor Advisory |
https://usn.ubuntu.com/3844-1/ | Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2018-29/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2019-02-28T18:00:00
Updated: 2019-03-01T10:57:01
Reserved: 2018-10-19T00:00:00
Link: CVE-2018-18495
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-02-28T18:29:01.680
Modified: 2020-08-24T17:37:01.140
Link: CVE-2018-18495
JSON object: View
Redhat Information
No data.
CWE