Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-5166

Опубликовано: 09 мая 2018
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-266
https://bugzilla.redhat.com/show_bug.cgi?id=1576267Mozilla: WebExtension host permission bypass through filterReponseData

EPSS

Процентиль: 77%
0.01112
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-5166

CVSS3: 7.5
ubuntu
около 7 лет назад

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.

nvd логотип

CVE-2018-5166

CVSS3: 7.5
nvd
около 7 лет назад

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.

debian логотип

CVE-2018-5166

CVSS3: 7.5
debian
около 7 лет назад

WebExtensions can use request redirection and a "filterReponseData" fi ...

github логотип

GHSA-xf5w-2jf5-86c8

CVSS3: 7.5
github
около 3 лет назад

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.

fstec логотип

BDU:2019-03317

CVSS3: 7.5
fstec
около 7 лет назад

Уязвимость кросс-браузерной системы для разработки дополнений WebExtensions браузера Firefox ESR, позволяющая нарушителю обойти существующие ограничения безопасности

EPSS

Процентиль: 77%
0.01112
Низкий

7.5 High

CVSS3