cvelist/2018/5xxx/CVE-2018-5135.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2018-5135",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Firefox",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_value": "59"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Mozilla"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "WebExtensions can bypass normal restrictions in some circumstances and use \"browser.tabs.executeScript\" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged \"about:\" pages. This vulnerability affects Firefox < 59."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "WebExtension browserAction can inject scripts into unintended contexts"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "103386",
                "refsource": "BID",
                "url": "http://www.securityfocus.com/bid/103386"
            },
            {
                "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371",
                "refsource": "CONFIRM",
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371"
            },
            {
                "name": "1040514",
                "refsource": "SECTRACK",
                "url": "http://www.securitytracker.com/id/1040514"
            },
            {
                "name": "USN-3596-1",
                "refsource": "UBUNTU",
                "url": "https://usn.ubuntu.com/3596-1/"
            },
            {
                "name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
                "refsource": "CONFIRM",
                "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
            }
        ]
    }
}
- Synchronized data. 2018-01-03 16:04:09 -05:00			`{`
"-Synchronized-Data." 2019-03-18 00:41:22 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "security@mozilla.org",`
			`"ID": "CVE-2018-5135",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Firefox",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_value": "59"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Mozilla"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
- Added submission from Mozilla from 2018-06-06. 2018-06-11 13:04:38 -04:00			`{`
"-Synchronized-Data." 2019-03-18 00:41:22 +00:00			`"lang": "eng",`
			`"value": "WebExtensions can bypass normal restrictions in some circumstances and use \"browser.tabs.executeScript\" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged \"about:\" pages. This vulnerability affects Firefox < 59."`
- Added submission from Mozilla from 2018-06-06. 2018-06-11 13:04:38 -04:00			`}`
"-Synchronized-Data." 2019-03-18 00:41:22 +00:00			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "WebExtension browserAction can inject scripts into unintended contexts"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "103386",`
			`"refsource": "BID",`
			`"url": "http://www.securityfocus.com/bid/103386"`
			`},`
			`{`
			`"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371",`
			`"refsource": "CONFIRM",`
			`"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371"`
			`},`
			`{`
			`"name": "1040514",`
			`"refsource": "SECTRACK",`
			`"url": "http://www.securitytracker.com/id/1040514"`
			`},`
			`{`
			`"name": "USN-3596-1",`
			`"refsource": "UBUNTU",`
			`"url": "https://usn.ubuntu.com/3596-1/"`
			`},`
			`{`
			`"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",`
			`"refsource": "CONFIRM",`
			`"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"`
			`}`
			`]`
			`}`
			`}`