CVE-2018-18495

WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/106167	Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1427585	Issue Tracking Permissions Required Vendor Advisory
https://usn.ubuntu.com/3844-1/	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-29/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

History

No history.

Information

Published : 2019-02-28 18:29

Updated : 2020-08-24 17:37

NVD link : CVE-2018-18495

Mitre link : CVE-2018-18495

CVE.ORG link : CVE-2018-18495

JSON object : View

Products Affected

canonical

ubuntu_linux

mozilla

firefox

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2018-18495", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-02-28T18:29:01.680", "references": [{"url": "http://www.securityfocus.com/bid/106167", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1427585", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://usn.ubuntu.com/3844-1/", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2018-29/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64."}, {"lang": "es", "value": "Se pueden cargar los scripts del contenido de WebExtensions en p\u00e1ginas about:, en algunas circunstancias, en violaci\u00f3n de los permisos otorgados a las extensiones. Esto podr\u00eda permitir a una extensi\u00f3n interferir con la carga y el uso de estas p\u00e1ginas y utilizar capacidades que deber\u00edan estar restringidas para extensiones. Esta vulnerabilidad afecta a las versiones anteriores a la 64 de Firefox."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DE636DD-B445-4566-85CC-D5B2C43F0BFA", "versionEndExcluding": "64.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}