7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
Mozilla Firefox is vulnerable to privilege escalation. The vulnerability exists in an unknown functionality of the component WebExtension. An attacker could run content scripts in local pages without permission warnings when a local file is opened resulting in a privilege escalation.
www.securityfocus.com/bid/105718
www.securitytracker.com/id/1041944
access.redhat.com/errata/RHSA-2018:3005
access.redhat.com/errata/RHSA-2018:3006
access.redhat.com/security/updates/classification/#critical
bugzilla.mozilla.org/show_bug.cgi?id=1487478
bugzilla.redhat.com/show_bug.cgi?id=1638082
lists.debian.org/debian-lts-announce/2018/11/msg00008.html
security.gentoo.org/glsa/201811-04
usn.ubuntu.com/3801-1/
www.debian.org/security/2018/dsa-4324
www.mozilla.org/en-US/security/advisories/mfsa2018-27/
www.mozilla.org/security/advisories/mfsa2018-26/
www.mozilla.org/security/advisories/mfsa2018-27/
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N