CVE-2018-5137
Published: 14 March 2018
A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59.
Priority
CVSS 3 base score: 7.5
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
artful |
Released
(59.0+build5-0ubuntu0.17.10.1)
|
bionic |
Released
(59.0.1+build1-0ubuntu1)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was released [59.0+build5-0ubuntu0.14.04.1])
|
|
upstream |
Released
(59.0)
|
|
xenial |
Released
(59.0+build5-0ubuntu0.16.04.1)
|