CVE-2017-5386

Description

WebExtension scripts can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.

Risk Information

Base Score

7.3

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score

Exploitation Probability

1.186

Associated Vulnerability

Vulnerability	OS Platform
Update for Mozilla Firefox (51.0)	Windows
Update for Mozilla Firefox x64 (51.0)	Windows
Update for Mozilla Firefox ESR (45.7.0)	Windows
Update for Mozilla Firefox ESR x64 (45.7.0)	Windows
Update for Mozilla Firefox (51.0.1)	Windows
Update for Mozilla Firefox x64 (51.0.1)	Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (51.0)	Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (51.0.1)	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 50.1.0	Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 45.6.0	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 45.6.0	Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 45.7	Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-304555	Update for Mozilla Firefox x64 (51.0)
PATCH-304559	Update for Mozilla Firefox ESR (45.7.0)
PATCH-304560	Update for Mozilla Firefox ESR x64 (45.7.0)
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-304588	Update for Mozilla Firefox x64 (51.0.1)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611808	Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-612783	Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234