mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
903 B
903 B
CVE-2018-5135
Description
WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59.
POC
Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1431371
- https://bugzilla.mozilla.org/show_bug.cgi?id=1431371
Github
No PoCs found on GitHub currently.