CVE-2018-5112
First published: Tue Jan 23 2018(Updated: )
Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <58 | 58 |
| Mozilla Firefox | <=57.0.4 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =17.10 | |
| debian/firefox | 131.0.2-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1425224
- https://www.mozilla.org/security/advisories/mfsa2018-02/
- https://usn.ubuntu.com/3544-1/
- http://www.securityfocus.com/bid/102786
- http://www.securitytracker.com/id/1040270
- https://launchpad.net/bugs/cve/CVE-2018-5112
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5107
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5112
- https://security-tracker.debian.org/tracker/CVE-2018-5112
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5112
- https://nvd.nist.gov/vuln/detail/CVE-2018-5112
- https://ubuntu.com/security/CVE-2018-5112
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-5091
- CVE-2018-5092
- CVE-2018-5093
- CVE-2018-5094
- CVE-2018-5095
- CVE-2018-5097
- CVE-2018-5098
- CVE-2018-5099
- CVE-2018-5100
- CVE-2018-5101
- CVE-2018-5102
- CVE-2018-5103
- CVE-2018-5104
- CVE-2018-5105
- CVE-2018-5106
- CVE-2018-5107
- CVE-2018-5108
- CVE-2018-5109
- CVE-2018-5110
- CVE-2018-5111
- CVE-2018-5112
- CVE-2018-5113
- CVE-2018-5114
- CVE-2018-5115
- CVE-2018-5116
- CVE-2018-5117
- CVE-2018-5118
- CVE-2018-5119
- CVE-2018-5121
- CVE-2018-5122
- CVE-2018-5090
- CVE-2018-5089
Frequently Asked Questions
What is CVE-2018-5112?
CVE-2018-5112 is a vulnerability in the Development Tools panels of Mozilla Firefox and Ubuntu Firefox that allows the panels to load URLs that they should not be able to access.
What is the severity of CVE-2018-5112?
CVE-2018-5112 has a severity value of 7.5, which is considered high.
How can the development tools panel in Firefox load unauthorized URLs?
The development tools panel in Firefox can load unauthorized URLs due to a lack of enforcement of the requirement to load URLs as relative URLs from the extension manifest file.
Which versions of Firefox are affected by CVE-2018-5112?
Versions up to and exclusive of Firefox 58.0 are affected by CVE-2018-5112.
How can I fix CVE-2018-5112 in Firefox?
To fix CVE-2018-5112 in Firefox, update to version 58.0 or newer.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/weakness
- agent/severity
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- agent/softwarecombine
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/57.0.4
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/17.10
- package-manager/debian