← Back to CVEs
CVE-2018-18495
N/ADescription
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64.
CVE Details
CVSS v3.1 ScoreN/A
Published2/28/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
canonical:ubuntu_linuxmozilla:firefox
Weaknesses (CWE)
CWE-732
References
http://www.securityfocus.com/bid/106167(security@mozilla.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=1427585(security@mozilla.org)
https://usn.ubuntu.com/3844-1/(security@mozilla.org)
https://www.mozilla.org/security/advisories/mfsa2018-29/(security@mozilla.org)
http://www.securityfocus.com/bid/106167(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=1427585(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3844-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2018-29/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.