← Voltar para CVEs
CVE-2018-18495
N/ADescricao
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado2/28/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
canonical:ubuntu_linuxmozilla:firefox
Fraquezas (CWE)
CWE-732
Referencias
http://www.securityfocus.com/bid/106167(security@mozilla.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=1427585(security@mozilla.org)
https://usn.ubuntu.com/3844-1/(security@mozilla.org)
https://www.mozilla.org/security/advisories/mfsa2018-29/(security@mozilla.org)
http://www.securityfocus.com/bid/106167(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=1427585(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3844-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2018-29/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.