Security restrictions bypass in Mozilla Firefox - CVE-2018-5135
Published: March 13, 2018
Vulnerability identifier: #VU10978
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5135
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox
Mozilla Firefox
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper sanitization of user-supplied input. A remote attacker can supply WebExtensions to bypass normal restrictions in some circumstances and use browser.tabs.executeScript to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged about: pages.
The weakness exists due to improper sanitization of user-supplied input. A remote attacker can supply WebExtensions to bypass normal restrictions in some circumstances and use browser.tabs.executeScript to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged about: pages.
How to mitigate CVE-2018-5135
Update to version 59.0.