Vulnerability CVE-2018-5135: Information

Description

WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-5135

Published: June 12, 2018

Modified: Oct. 3, 2019

Error type identifier: CWE-862

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	59.0.2-alt1	127.0-alt1	ALT-PU-2018-1502-1	203049	Fixed
firefox	p10	59.0.2-alt1	118.0.2-alt0.p10.1	ALT-PU-2018-1502-1	203049	Fixed
firefox	p9	59.0.2-alt1	105.0.1-alt0.c9.1	ALT-PU-2018-1502-1	203049	Fixed
firefox	p8	59.0.2-alt1.M80P.1	68.0.1-alt0.M80P.1	ALT-PU-2018-1553-1	203220	Fixed
firefox	c10f1	59.0.2-alt1	112.0.2-alt0.p10.1	ALT-PU-2018-1502-1	203049	Fixed
firefox	c9f2	59.0.2-alt1	105.0.1-alt0.c9.1	ALT-PU-2018-1502-1	203049	Fixed
firefox	c7	60.6.1-alt0.M70C.1	60.8.0-alt0.M70C.1	ALT-PU-2019-1726-1	218597	Fixed
firefox	p11	59.0.2-alt1	126.0.1-alt1	ALT-PU-2018-1502-1	203049	Fixed
firefox-esr	sisyphus	60.0.1-alt1	115.11.0-alt1	ALT-PU-2018-1854-1	207816	Fixed
firefox-esr	p10	60.0.1-alt1	115.11.0-alt1	ALT-PU-2018-1854-1	207816	Fixed
firefox-esr	p9	60.0.1-alt1	102.11.0-alt0.c9.1	ALT-PU-2018-1854-1	207816	Fixed
firefox-esr	p8	60.1.0-alt0.M80P.1	68.4.1-alt0.M80P.1	ALT-PU-2018-1966-1	207865	Fixed
firefox-esr	c10f1	60.0.1-alt1	115.9.1-alt0.c10.1	ALT-PU-2018-1854-1	207816	Fixed
firefox-esr	c9f2	60.0.1-alt1	102.12.0-alt0.c9.1	ALT-PU-2018-1854-1	207816	Fixed
firefox-esr	p11	60.0.1-alt1	115.11.0-alt1	ALT-PU-2018-1854-1	207816	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2018-06/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1431371	Permissions Required
USN-3596-1	Third Party Advisory
1040514	Third Party Advisory VDB Entry
103386	Third Party Advisory VDB Entry

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  59.0

Version: v24.5.3

Vulnerability CVE-2018-5135: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1