Home > Vulnerability Database > CVE-2018-5152

Mend.io Vulnerability Database

CVE-2018-5152

Date: June 11, 2018

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60.

Language: Unix

Severity Score

6.5

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-5152

Url: http://www.securitytracker.com/id/1040896

Url: https://www.mozilla.org/security/advisories/mfsa2018-11/

Url: https://usn.ubuntu.com/3645-1/

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1415644

Url: http://www.securityfocus.com/bid/104139

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1427289

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5152

Url: https://www.mend.io/vulnerability-database/CVE-2018-5152

Severity Score

6.5

Weakness Type (CWE)

Use of a Broken or Risky Cryptographic Algorithm

CWE-327

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-5152

Date: June 11, 2018

Language: Unix

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?