← back
CVE-2018-12396

CVE-2018-12396

EPSS 2.3%
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
Affected products
Mozilla · FirefoxMozilla · Firefox ESR

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2018:3005https://access.redhat.com/errata/RHSA-2018:3006https://bugzilla.mozilla.org/show_bug.cgi?id=1483602https://lists.debian.org/debian-lts-announce/2018/11/msg00008.htmlhttps://security.gentoo.org/glsa/201811-04https://usn.ubuntu.com/3801-1/https://www.debian.org/security/2018/dsa-4324https://www.mozilla.org/security/advisories/mfsa2018-26/https://www.mozilla.org/security/advisories/mfsa2018-27/http://www.securityfocus.com/bid/105718http://www.securitytracker.com/id/1041944