Unrated severity · NVD Advisory · Published Feb 28, 2019 · Updated Aug 5, 2024
CVE-2018-12397
Description
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
Affected products (19)
- osv-coords, 17 versions (range < 60.3.0-109.50.2, plus 16 more):
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%204
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%207
- (no CPE) range: < 60.3.0-109.50.2
- (no CPE) range: < 60.3.0-109.50.2
- (no CPE) range: < 60.3.0-109.50.2
- (no CPE) range: < 60.3.0-3.17.1
- (no CPE) range: < 60.3.0-109.50.2
- (no CPE) range: < 60.3.0-109.50.2
- (no CPE) range: < 60.3.0-109.50.2
- (no CPE) range: < 60.3.0-109.50.2
- (no CPE) range: < 60.3.0-109.50.2
- (no CPE) range: < 60.3.0-109.50.2
- (no CPE) range: < 60.3.0-109.50.2
- (no CPE) range: < 60.3.0-109.50.2
- (no CPE) range: < 60.3.0-109.50.2
- (no CPE) range: < 60.3.0-109.50.2
- (no CPE) range: < 60.3.0-109.50.2
- (no CPE) range: < 60.3.0-109.50.2
- (no CPE) range: < 60.3.0-109.50.2
- Range: unspecified
- Mozilla/Firefox ESR · v5 · Range: unspecified
Patches
No patches discovered yet.
References (11)
- access.redhat.com/errata/RHSA-2018:3005 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2018:3006 (mitre, vendor-advisory, x_refsource_REDHAT)
- security.gentoo.org/glsa/201811-04 (mitre, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/3801-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2018/dsa-4324 (mitre, vendor-advisory, x_refsource_DEBIAN)
- www.securityfocus.com/bid/105718 (mitre, vdb-entry, x_refsource_BID)
- www.securitytracker.com/id/1041944 (mitre, vdb-entry, x_refsource_SECTRACK)
- bugzilla.mozilla.org/show_bug.cgi (mitre, x_refsource_CONFIRM)
- lists.debian.org/debian-lts-announce/2018/11/msg00008.html (mitre, mailing-list, x_refsource_MLIST)
- www.mozilla.org/security/advisories/mfsa2018-26/ (mitre, x_refsource_CONFIRM)
- www.mozilla.org/security/advisories/mfsa2018-27/ (mitre, x_refsource_CONFIRM)