SecuritySpace - CVE-2018-5152

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2018-5152

Description: WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2018-5152
BugTraq ID: 104139
http://www.securityfocus.com/bid/104139
http://www.securitytracker.com/id/1040896
https://usn.ubuntu.com/3645-1/

CVE ID:	CVE-2018-5152
Description:	WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2018-5152 BugTraq ID: 104139 http://www.securityfocus.com/bid/104139 http://www.securitytracker.com/id/1040896 https://usn.ubuntu.com/3645-1/