1. Home
  2. Vulnerabilities
  3. CVE-2018-5152

CVE-2018-5152

CVSS v3.0 6.5 (Medium)
65% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.43 % (75th)
0.43% Progress
Affected Products 2
Advisories 5
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60.

Weaknesses
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2018-06-11 21:29:15
(6 years ago)
Updated Date
2019-10-03 00:03:26
(5 years ago)

Affected Products

Canonical

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox prior 60.0 version cpe:2.3:a:mozilla:firefox < 60.0

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts
  Canonical Ubuntu Linux 17.10 cpe:2.3:o:canonical:ubuntu_linux:17.10
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts