CVE-2018-18497

MEDIUM

Firefox < 64.0 - Privilege Escalation via WebExtension URI Bypass

Title source: llm
STIX 2.1

Description

Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vulnerability affects Firefox < 64.

References (4)

Core 4
Core References
Issue Tracking, Permissions Required, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1488180
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2018-29/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3844-1/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106167

Scores

CVSS v3 6.5
EPSS 0.0022
EPSS Percentile 44.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

Status published
Products (5)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 18.10
mozilla/firefox < 64.0
Published Feb 28, 2019
Tracked Since Feb 18, 2026