Описание
WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 59.0+build5-0ubuntu0.17.10.1 |
| bionic | released | 59.0.1+build1-0ubuntu1 |
| devel | released | 59.0.1+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [59.0+build5-0ubuntu0.14.04.1]] |
| precise/esm | DNE | |
| trusty | released | 59.0+build5-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [59.0+build5-0ubuntu0.14.04.1] |
| upstream | released | 59.0 |
| xenial | released | 59.0+build5-0ubuntu0.16.04.1 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59.
WebExtensions can bypass normal restrictions in some circumstances and ...
WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59.
Уязвимость функции browser.tabs.executeScript () расширения WebExtensions браузера Mozilla Firefox, позволяющая нарушителю проводить межсайтовые сценарные атаки
EPSS
5 Medium
CVSS2
7.5 High
CVSS3