Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-12397

Date: February 28, 2019

A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.

Language: Unix

Severity Score

Related Resources (15)

https://nvd.nist.gov/vuln/detail/CVE-2018-12397
https://security.gentoo.org/glsa/201811-04
https://www.mozilla.org/security/advisories/mfsa2018-27/
https://www.mozilla.org/security/advisories/mfsa2018-26/
https://usn.ubuntu.com/3801-1/
https://www.debian.org/security/2018/dsa-4324
https://access.redhat.com/security/cve/CVE-2018-12397
https://security-tracker.debian.org/tracker/CVE-2018-12397
https://access.redhat.com/errata/RHSA-2018:3006
https://access.redhat.com/errata/RHSA-2018:3005
https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1487478
http://www.securityfocus.com/bid/105718
http://www.securitytracker.com/id/1041944
https://www.mend.io/vulnerability-database/CVE-2018-12397

Severity Score

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us