PT-2017-3679 · Mozilla+2 · Firefox+2

Abdulrahman Alqabandi · Published 2017-12-14 · Updated 2024-12-12 · CVE-2018-5112

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 58
Description: The development tools panels of an extension are not properly restricted to loading URLs specified as relative URLs in the extension manifest file. This could potentially allow a development tools panel to access privileged pages it should not have access to. The vulnerability may be exploited by a remote attacker to gain unauthorized access to protected information.
Recommendations: For versions prior to 58, update to version 58 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and privileged pages until the update can be applied.

Fix

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1178
ALT-PU-2018-1854
BDU:2018-00870
CVE-2018-5112
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
USN-3544-1
USN-3544-2

Affected Products

Alt Linux
Firefox
Ubuntu