High severity7.5NVD Advisory· Published Jun 11, 2018· Updated Jun 17, 2026
CVE-2018-5112
CVE-2018-5112
Description
Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<58+ 1 more
- (no CPE)range: <58
- (no CPE)range: unspecified
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
Patches
Vulnerability mechanics
References
5- www.securityfocus.com/bid/102786nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040270nvdThird Party AdvisoryVDB Entry
- usn.ubuntu.com/3544-1/nvdThird Party Advisory
- www.mozilla.org/security/advisories/mfsa2018-02/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPermissions Required
News mentions
0No linked articles in our index yet.