Main Vulnerability Database Vulnerabilities #VU10199

#VU10199 Security restrictions bypass in Mozilla Firefox - CVE-2018-5113

Published: January 24, 2018

Vulnerability identifier: #VU10199

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-5113

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to the failure to enforce the requirement of the browser.identity.launchWebAuthFlow function of WebExtensions is only allowed to load content over https:.. A remote attacker can bypass security restrictions and load privileges pages.

Remediation

Update to version 58.0.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/