CVE-2018-12369
Ubuntu Security Notice USN-3705-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.
Las WebExtensions incluidas con los experimentos embebidos no se comprobaron correctamente en busca de una autorización adecuada. Esto permitÃa que una WebExtension maliciosa obtenga los permisos totales del navegador. La vulnerabilidad afecta a Firefox ESR en versiones anteriores a la 60.1 y Firefox en versiones anteriores a la 61.
USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, bypass same-origin restrictions, bypass CORS restrictions, bypass CSRF protections, obtain sensitive information, or execute arbitrary code. A security issue was discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain full browser permissions. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-06-14 CVE Reserved
- 2018-07-05 CVE Published
- 2024-08-05 CVE Updated
- 2025-01-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/104561 | Third Party Advisory | |
| http://www.securitytracker.com/id/1041193 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201810-01 | 2019-10-03 | |
| https://usn.ubuntu.com/3705-1 | 2019-10-03 | |
| https://www.mozilla.org/security/advisories/mfsa2018-15 | 2019-10-03 | |
| https://www.mozilla.org/security/advisories/mfsa2018-16 | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 61.0 Search vendor "Mozilla" for product "Firefox" and version " < 61.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | < 60.1.0 Search vendor "Mozilla" for product "Firefox Esr" and version " < 60.1.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||