Main Vulnerability Database Vulnerabilities #VU10197

Security restrictions bypass in Mozilla Firefox - CVE-2018-5112

Published: January 24, 2018

Vulnerability identifier: #VU10197

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-5112

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to the failure to enforce the requirement of the Development Tools panels of an extension to load URLs for the panels as relative URLs from the extension manifest file. A remote attacker can bypass security restrictions and load a URL that it should not be able to access.

How to mitigate CVE-2018-5112

Update to version 58.0.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/

Security restrictions bypass in Mozilla Firefox - CVE-2018-5112

Detailed vulnerability description

How to mitigate CVE-2018-5112

Sources

Please verify you're human