High severity7.5NVD Advisory· Published Jun 11, 2018· Updated Jun 17, 2026
CVE-2018-5135
CVE-2018-5135
Description
WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<59+ 1 more
- (no CPE)range: <59
- (no CPE)range: unspecified
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
Patches
Vulnerability mechanics
References
5- www.securityfocus.com/bid/103386nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040514nvdThird Party AdvisoryVDB Entry
- usn.ubuntu.com/3596-1/nvdThird Party Advisory
- www.mozilla.org/security/advisories/mfsa2018-06/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdPermissions Required
News mentions
0No linked articles in our index yet.