Home > Vulnerability Database > CVE-2018-5112

Mend.io Vulnerability Database

CVE-2018-5112

Date: June 11, 2018

Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58.

Severity Score

7.5

Related Resources (8)

Url: https://www.mozilla.org/security/advisories/mfsa2018-02/

Url: https://usn.ubuntu.com/3544-1/

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1425224

Url: http://www.securityfocus.com/bid/102786

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5112

Url: http://www.securitytracker.com/id/1040270

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-5112

Url: https://www.mend.io/vulnerability-database/CVE-2018-5112

Severity Score

7.5

Weakness Type (CWE)

Files or Directories Accessible to External Parties

CWE-552

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-5112

Date: June 11, 2018

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?