#VU10978 Security restrictions bypass in Mozilla Firefox - CVE-2018-5135
Published: March 13, 2018
Vulnerability identifier: #VU10978
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5135
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mozilla Firefox
Mozilla Firefox
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper sanitization of user-supplied input. A remote attacker can supply WebExtensions to bypass normal restrictions in some circumstances and use browser.tabs.executeScript to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged about: pages.
The weakness exists due to improper sanitization of user-supplied input. A remote attacker can supply WebExtensions to bypass normal restrictions in some circumstances and use browser.tabs.executeScript to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged about: pages.
Remediation
Update to version 59.0.