Lucene search
MozillaCVELIST:CVE-2018-18497HistoryFeb 28, 2019 - 6:00 p.m.
CVE-2018-18497
2019-02-2818:00:00
mozilla
www.cve.org
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vulnerability affects Firefox < 64.
CNA Affected
[
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "64",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
debiancve
debiancve
CVE-2018-18497
2019-02-28 18:29:01
cve
cve
CVE-2018-18497
2019-02-28 18:29:01
prion
prion
Design/Logic Flaw
2019-02-28 18:29:00
nvd
nvd
CVE-2018-18497
2019-02-28 18:29:01
ubuntucve
ubuntucve
CVE-2018-18497
2018-12-11 00:00:00
redhatcve
redhatcve
CVE-2018-18497
2019-04-04 07:50:17
nessus
nessus
RHEL 8 : firefox (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 6 : firefox (Unpatched Vulnerability)
2024-05-11 00:00:00
archlinux
archlinux
[ASA-201812-9] firefox: multiple issues
2018-12-12 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3844-1)
2018-12-12 00:00:00
Mozilla Firefox Security Advisory (MFSA2018-29) - Linux
2021-11-08 00:00:00
Mozilla Firefox Security Advisories (MFSA2018-28, MFSA2018-30) - Windows
2018-12-13 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2018-12-11 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2018-12-11 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox 64 — Mozilla
2018-12-11 00:00:00
kaspersky
kaspersky
KLA11389 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
2018-12-11 00:00:00