vulnerability

Ubuntu: (Multiple Advisories) (CVE-2018-5152): Firefox vulnerabilities

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

May 9, 2018

Added

May 22, 2018

Modified

Mar 27, 2026

Description

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60.

Solution

ubuntu-upgrade-firefox

References

CVE-2018-5152
https://attackerkb.com/topics/CVE-2018-5152
CWE-327
EUVD-EUVD-2018-16938
NVD-CVE-2018-5152
UBUNTU-USN-3645-1
UBUNTU-USN-3645-2
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-16938

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report