Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-12369

Опубликовано: 26 июн. 2018
Источник: redhat
CVSS3: 9.8

Описание

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-829
https://bugzilla.redhat.com/show_bug.cgi?id=1595034Mozilla: WebExtension security permission checks bypassed by embedded experiments

9.8 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-12369

CVSS3: 9.8
ubuntu
больше 7 лет назад

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.

nvd логотип

CVE-2018-12369

CVSS3: 9.8
nvd
больше 7 лет назад

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.

debian логотип

CVE-2018-12369

CVSS3: 9.8
debian
больше 7 лет назад

WebExtensions bundled with embedded experiments were not correctly che ...

github логотип

GHSA-pp5v-ch72-95w4

CVSS3: 9.8
github
больше 3 лет назад

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.

fstec логотип

BDU:2019-03411

CVSS3: 9.8
fstec
больше 7 лет назад

Уязвимость кросс-браузерной системы для разработки дополнений WebExtensions веб-браузеров Firefox, Firefox ESR, позволяющая нарушителю повысить свои привилегии

9.8 Critical

CVSS3