Home

CVE-2018-5152

Description

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the webRequest API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.457

Associated Vulnerability

VulnerabilityOS Platform
Updates for Mozilla Firefox (60.0)Windows
Updates for Mozilla Firefox (x64) (60.0)Windows
Updates for Mozilla Firefox (60.0.1)Windows
Updates for Mozilla Firefox (x64) (60.0.1)Windows
Updates for Mozilla Firefox (60.0.2)Windows
Updates for Mozilla Firefox (x64) (60.0.2)Windows
Updates for Mozilla Firefox ESR (60.0.2)Windows
Updates for Mozilla Firefox ESR (x64) (60.0.2)Windows
Mozilla Firefox ESR (60.1.0)Windows
Mozilla Firefox ESR (x64) (60.1.0)Windows
Mozilla Firefox ESR (60.2.0)Windows
Mozilla Firefox ESR (x64) (60.2.0)Windows
Mozilla Firefox ESR (60.2.1)Windows
Mozilla Firefox ESR (x64) (60.2.1)Windows
Mozilla Firefox ESR (60.2.2)Windows
Mozilla Firefox ESR (x64) (60.2.2)Windows
Mozilla Firefox ESR (60.3.0)Windows
Mozilla Firefox ESR (x64) (60.3.0)Windows
Mozilla Firefox ESR (60.5.0)Windows
Mozilla Firefox ESR (60.5.1)Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0.1)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0.2)Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 60Mac
Mozilla Open Source web browser (USN-2880-2) firefox_60.0+build2-0ubuntu0.14.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-2880-2) firefox_60.0+build2-0ubuntu0.14.04.1_i386.debLinux
Mozilla Open Source web browser (USN-3435-2) firefox_60.0+build2-0ubuntu0.16.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-3435-2) firefox_60.0+build2-0ubuntu0.16.04.1_i386.debLinux
Mozilla Open Source web browser (USN-3599-1) firefox_60.0+build2-0ubuntu0.17.10.1_i386.debLinux
Mozilla Open Source web browser (USN-3645-1) firefox_60.0+build2-0ubuntu1_i386.debLinux
Mozilla Open Source web browser (USN-3645-1) firefox_60.0+build2-0ubuntu1_amd64.debLinux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-68.2.0-109.95.2.x86_64.rpmLinux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debuginfo-68.2.0-109.95.2.x86_64.rpmLinux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debugsource-68.2.0-109.95.2.x86_64.rpmLinux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-translations-common-68.2.0-109.95.2.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-307502Updates for Mozilla Firefox (60.0)
PATCH-307506Updates for Mozilla Firefox (x64) (60.0)
PATCH-307537Updates for Mozilla Firefox (60.0.1)
PATCH-307542Updates for Mozilla Firefox (x64) (60.0.1)
PATCH-307642Updates for Mozilla Firefox (60.0.2)
PATCH-307646Updates for Mozilla Firefox (x64) (60.0.2)
PATCH-307736Updates for Mozilla Firefox ESR (60.0.2)
PATCH-307744Updates for Mozilla Firefox ESR (x64) (60.0.2)
PATCH-307747Mozilla Firefox ESR (60.1.0)
PATCH-307748Mozilla Firefox ESR (x64) (60.1.0)
PATCH-308027Mozilla Firefox ESR (60.2.0)
PATCH-308035Mozilla Firefox ESR (x64) (60.2.0)
PATCH-308123Mozilla Firefox ESR (60.2.1)
PATCH-308125Mozilla Firefox ESR (x64) (60.2.1)
PATCH-308181Mozilla Firefox ESR (60.2.2)
PATCH-308183Mozilla Firefox ESR (x64) (60.2.2)
PATCH-308289Mozilla Firefox ESR (60.3.0)
PATCH-308293Mozilla Firefox ESR (x64) (60.3.0)
PATCH-308876Mozilla Firefox ESR (60.5.0)
PATCH-308982Mozilla Firefox ESR (60.5.1)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611870Mozilla Firefox For Mac (142.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234