Home

CVE-2018-12396

Description

A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
1.138

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Mozilla Firefox (x64) 62.0.3Windows
Multiple vulnerabilities affected in Mozilla Firefox ESR (x64) 60.2.2Windows
Multiple vulnerabilities affected in Mozilla Firefox ESR 60.2.2Windows
Multiple vulnerabilities affected in Mozilla_Firefox 62.0.3Windows
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 62.0.3Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 60.2.2Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 60.2.2Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343016Mozilla Firefox (x64) (132.0.2)
PATCH-310844Mozilla Firefox ESR (x64) (60.9.0)
PATCH-310843Mozilla Firefox ESR (60.9.0)
PATCH-343015Mozilla Firefox (132.0.2)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234