Privilege Escalation

🗓️ 16 May 2019 03:18:10Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 26 Views

Mozilla Firefox privilege escalation vulnerability in WebExtension

Reporter	Title	Published	Views	Family All 96
ALT Linux	Security fix for the ALT Linux 10 package firefox-esr version 60.3.0-alt1	23 Oct 201800:00	–	altlinux
Tenable Nessus	Mozilla Firefox < 63 Multiple Vulnerabilities	6 Feb 201900:00	–	nessus
Tenable Nessus	CentOS 7 : firefox (CESA-2018:3005)	26 Oct 201800:00	–	nessus
Tenable Nessus	CentOS 6 : firefox (CESA-2018:3006)	26 Oct 201800:00	–	nessus
Tenable Nessus	Debian DLA-1571-1 : firefox-esr security update	8 Nov 201800:00	–	nessus
Tenable Nessus	Debian DSA-4324-1 : firefox-esr - security update	25 Oct 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : firefox (EulerOS-SA-2018-1384)	11 Dec 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : firefox (EulerOS-SA-2018-1414)	28 Dec 201800:00	–	nessus
Tenable Nessus	FreeBSD : mozilla -- multiple vulnerabilities (7c3a02b9-3273-4426-a0ba-f90fad2ff72e)	24 Oct 201800:00	–	nessus
Tenable Nessus	GLSA-201811-04 : Mozilla Firefox: Multiple vulnerabilities	9 Nov 201800:00	–	nessus

Vulners

Node

google bionicMatch59.0.2+build1-0ubuntu1debian

AND

debian debian_linux

xenial xenialMatch45.0.2+build1-0ubuntu1debian

AND

debian debian_linux

trusty trustyMatch28.0+build2-0ubuntu2debian

AND

debian debian_linux

mozilla firefoxMatch52.7.3_1.el7.centos

mozilla firefoxMatch60.1.0_4.el7.centos

mozilla firefoxMatch60.2.1_1.el7.centos

mozilla firefoxMatch52.7.0_1.el7.centos

mozilla firefoxMatch60.2.0_1.el7.centos

mozilla firefoxMatch60.2.2_1.el7.centos

mozilla firefoxMatch52.8.0_1.el7.centos

mozilla firefoxMatch3.6.17_1.el6_0

mozilla firefoxMatch24.6.0_1.el6_5

mozilla firefoxMatch60.2.1_1.el6

mozilla firefoxMatch38.6.0_1.el6_7

mozilla firefoxMatch3.6.14_4.el6_0

mozilla firefoxMatch45.2.0_1.el6_8

mozilla firefoxMatch60.2.1_1.el6.centos

mozilla firefoxMatch31.6.0_2.el6_6

mozilla firefoxMatch60.2.0_1.el6

mozilla firefoxMatch38.4.0_1.el6_7

mozilla firefoxMatch52.7.0_1.el6_9

mozilla firefoxMatch38.6.0_2.el6_7

mozilla firefoxMatch60.1.0_6.el6

mozilla firefoxMatch10.0.7_1.el6_3

mozilla firefoxMatch52.8.0_1.el6.centos

mozilla firefoxMatch45.1.1_1.el6_7

mozilla firefoxMatch24.2.0_6.el6_5

mozilla firefoxMatch3.6.22_1.el6_1

mozilla firefoxMatch24.7.0_1.el6_5

mozilla firefoxMatch10.0.8_1.el6_3

mozilla firefoxMatch52.7.3_1.el6_9

mozilla firefoxMatch60.2.2_1.el6

mozilla firefoxMatch38.2.0_4.el6_7

mozilla firefoxMatch17.0.3_1.el6_3

mozilla firefoxMatch24.3.0_2.el6_5

mozilla firefoxMatch60.1.0_5.el6

mozilla firefoxMatch52.7.2_1.el6_9

mozilla firefoxMatch52.6.0_1.el6_9

mozilla firefoxMatch38.7.0_1.el6_7

mozilla firefoxMatch45.5.0_1.el6_8

mozilla firefoxMatch24.5.0_1.el6_5

mozilla firefoxMatch3.6.24_3.el6_1

mozilla firefoxMatch17.0.10_1.el6_4

mozilla firefoxMatch45.5.1_1.el6_8

mozilla firefoxMatch31.4.0_1.el6_6

mozilla firefoxMatch60.1.0_5.el6.centos

mozilla firefoxMatch3.6.18_1.el6_1

mozilla firefoxMatch52.1.0_2.el6_9

mozilla firefoxMatch38.1.0_1.el6_6

mozilla firefoxMatch38.1.1_1.el6_7

mozilla firefoxMatch10.0.12_1.el6_3

mozilla firefoxMatch17.0.7_1.el6_4

mozilla firefoxMatch38.0_4.el6_6

mozilla firefoxMatch24.8.0_1.el6_5

mozilla firefoxMatch45.0.1_1.el6

mozilla firefoxMatch10.0.11_1.el6_3

mozilla firefoxMatch60.1.0_6.el6.centos

mozilla firefoxMatch45.3.0_1.el6_8

mozilla firefoxMatch17.0.9_1.el6_4

mozilla firefoxMatch45.6.0_1.el6_8

mozilla firefoxMatch3.6.9_2.el6

mozilla firefoxMatch3.6.12_1.el6_0

mozilla firefoxMatch52.3.0_3.el6_9

mozilla firefoxMatch17.0.6_1.el6_4

mozilla firefoxMatch31.3.0_3.el6_6

mozilla firefoxMatch3.6.15_2.el6_0

mozilla firefoxMatch45.8.0_2.el6_8

mozilla firefoxMatch60.2.0_1.el6.centos

mozilla firefoxMatch31.1.0_5.el6_5

mozilla firefoxMatch24.4.0_1.el6_5

mozilla firefoxMatch31.5.3_1.el6_6

mozilla firefoxMatch17.0.8_1.el6_4

mozilla firefoxMatch52.5.0_1.el6_9

mozilla firefoxMatch38.6.1_1.el6_7

mozilla firefoxMatch45.7.0_2.el6_8

mozilla firefoxMatch52.8.0_1.el6_9

mozilla firefoxMatch31.5.0_1.el6_6

mozilla firefoxMatch45.1.1_1.el6_8

mozilla firefoxMatch38.5.0_2.el6_7

mozilla firefoxMatch10.0.10_1.el6_3

mozilla firefoxMatch10.0.3_1.el6_2

mozilla firefoxMatch52.5.1_1.el6_9

mozilla firefoxMatch52.2.0_1.el6_9

mozilla firefoxMatch10.0.6_1.el6_3

mozilla firefoxMatch38.3.0_2.el6_7

mozilla firefoxMatch24.2.0_1.el6_5

mozilla firefoxMatch38.0.1_1.el6_6

mozilla firefoxMatch17.0.5_1.el6_4

mozilla firefoxMatch3.6.23_2.el6_1

mozilla firefoxMatch31.2.0_3.el6_6

mozilla firefoxMatch3.6.13_2.el6_0

mozilla firefoxMatch10.0.5_1.el6_2

mozilla firefoxMatch10.0.1_1.el6_2

mozilla firefoxMatch38.2.1_1.el6_7

mozilla firefoxMatch3.6.20_2.el6_1

mozilla firefoxMatch10.0.4_1.el6_2

mozilla firefoxMatch52.4.0_1.el6_9

mozilla firefoxMatch45.7.0_1.el6_8

mozilla firefoxMatch60.2.2_1.el6.centos

mozilla firefoxMatch45.4.0_1.el6_8

mozilla firefoxMatch45.1.0_1.el6_7

mozilla firefoxMatch3.6.26_1.el6_2

Source	Link
securitytracker	www.securitytracker.com/id/1041944
securityfocus	www.securityfocus.com/bid/105718
lists	www.lists.debian.org/debian-lts-announce/2018/11/msg00008.html
mozilla	www.mozilla.org/en-US/security/advisories/mfsa2018-27/
access	www.access.redhat.com/security/updates/classification/
access	www.access.redhat.com/errata/RHSA-2018:3005
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
debian	www.debian.org/security/2018/dsa-4324
security	www.security.gentoo.org/glsa/201811-04
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi

03 Oct 2019 07:26Current

7.8High risk

Vulners AI Score7.8

CVSS 24.3

CVSS 36.5

EPSS0.00705