QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-5152

Back to search

CVE-2018-5152

Published: Jun 11, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60.

VendorProductVersions

Mozilla

Firefox

affected
unspecified - < 60

References

1040896
vdb-entry
x_refsource_SECTRACK
USN-3645-1
vendor-advisory
x_refsource_UBUNTU
104139
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now