Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-5166

Опубликовано: 09 мая 2018
Источник: redhat
CVSS3: 7.5

Описание

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-266
https://bugzilla.redhat.com/show_bug.cgi?id=1576267Mozilla: WebExtension host permission bypass through filterReponseData

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-5166

CVSS3: 7.5
ubuntu
больше 7 лет назад

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.

nvd логотип

CVE-2018-5166

CVSS3: 7.5
nvd
больше 7 лет назад

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.

debian логотип

CVE-2018-5166

CVSS3: 7.5
debian
больше 7 лет назад

WebExtensions can use request redirection and a "filterReponseData" fi ...

github логотип

GHSA-xf5w-2jf5-86c8

CVSS3: 7.5
github
больше 3 лет назад

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.

fstec логотип

BDU:2019-03317

CVSS3: 7.5
fstec
больше 7 лет назад

Уязвимость кросс-браузерной системы для разработки дополнений WebExtensions браузера Firefox ESR, позволяющая нарушителю обойти существующие ограничения безопасности

7.5 High

CVSS3