CVE Vulnerabilities

CVE-2018-5105

Published: Jun 11, 2018 | Modified: Oct 03, 2019
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 57.0.4 (including)
Firefox Ubuntu artful *
Firefox Ubuntu bionic *
Firefox Ubuntu devel *
Firefox Ubuntu trusty *
Firefox Ubuntu upstream *
Firefox Ubuntu xenial *

References