High severity7.8NVD Advisory· Published Jun 11, 2018· Updated Jun 17, 2026
CVE-2018-5105
CVE-2018-5105
Description
WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<58+ 1 more
- (no CPE)range: <58
- (no CPE)range: unspecified
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
Patches
Vulnerability mechanics
References
5- www.securityfocus.com/bid/102786nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040270nvdThird Party AdvisoryVDB Entry
- usn.ubuntu.com/3544-1/nvdThird Party Advisory
- www.mozilla.org/security/advisories/mfsa2018-02/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPermissions Required
News mentions
0No linked articles in our index yet.