7.8

CVE-2018-5105

WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 57.0.4
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.337
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securitytracker.com/id/1040270
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/3544-1/
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-02/
Vendor Advisory
http://www.securityfocus.com/bid/102786
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1390882
Issue Tracking
Permissions Required