← Volver a CVEs
CVE-2018-18495
N/ADescripcion
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado2/28/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
canonical:ubuntu_linuxmozilla:firefox
Debilidades (CWE)
CWE-732
Referencias
http://www.securityfocus.com/bid/106167(security@mozilla.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=1427585(security@mozilla.org)
https://usn.ubuntu.com/3844-1/(security@mozilla.org)
https://www.mozilla.org/security/advisories/mfsa2018-29/(security@mozilla.org)
http://www.securityfocus.com/bid/106167(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=1427585(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3844-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2018-29/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.