PT-2017-3684 · Mozilla+2 · Firefox+2

Rob Wu

Publicado

2017-08-16

Atualizado

2024-12-12

CVE-2018-5105

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 58

Description: The issue is related to WebExtensions, which can bypass user prompts, allowing an arbitrarily downloaded file to be saved and then opened. This can lead to an executable file running with local user privileges without explicit user consent. The exploitation of this issue may allow an attacker to elevate their privileges.

Recommendations: For versions prior to 58, update to version 58 or later to resolve the issue. As a temporary workaround, consider disabling WebExtensions until a patch is available. Restrict access to downloadable files to minimize the risk of exploitation. Avoid using WebExtensions to open downloaded files until the issue is resolved.

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

ALT-PU-2018-1178

ALT-PU-2018-1854

BDU:2018-00877

CVE-2018-5105

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-3544-1

USN-3544-2

Produtos afetados

Alt Linux

Firefox

Ubuntu

PT-2017-3684 · Mozilla+2 · Firefox+2

CVE-2018-5105

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1910