CVE-2018-5116
CVSS v3.0
9.8 (Critical)
CVSS v2.0
7.5 (High)
EPSS
0.68 % (80th)
Affected Products
2
Advisories
3
WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58.
Weaknesses
- CWE-346
- Origin Validation Error
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2018-06-11 21:29:13
(6 years ago) - Updated Date
-
2018-06-25 17:25:37
(6 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...