CVE-2018-5152
First published: Wed May 09 2018(Updated: )
Last updated 24 July 2024
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <60 | 60 |
| Mozilla Firefox | <60.0 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =17.10 | |
| Canonical Ubuntu Linux | =18.04 | |
| debian/firefox | 131.0.2-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1415644
- https://bugzilla.mozilla.org/show_bug.cgi?id=1427289
- https://www.mozilla.org/security/advisories/mfsa2018-11/
- https://usn.ubuntu.com/3645-1/
- http://www.securityfocus.com/bid/104139
- http://www.securitytracker.com/id/1040896
- https://launchpad.net/bugs/cve/CVE-2018-5152
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5172
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5152
- https://security-tracker.debian.org/tracker/CVE-2018-5152
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5152
- https://nvd.nist.gov/vuln/detail/CVE-2018-5152
- https://ubuntu.com/security/CVE-2018-5152
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-5154
- CVE-2018-5155
- CVE-2018-5157
- CVE-2018-5158
- CVE-2018-5159
- CVE-2018-5160
- CVE-2018-5152
- CVE-2018-5153
- CVE-2018-5163
- CVE-2018-5164
- CVE-2018-5166
- CVE-2018-5167
- CVE-2018-5168
- CVE-2018-5169
- CVE-2018-5172
- CVE-2018-5173
- CVE-2018-5174
- CVE-2018-5175
- CVE-2018-5176
- CVE-2018-5177
- CVE-2018-5165
- CVE-2018-5180
- CVE-2018-5181
- CVE-2018-5182
- CVE-2018-5179
- CVE-2018-5151
- CVE-2018-5150
Frequently Asked Questions
What is CVE-2018-5152?
CVE-2018-5152 is a vulnerability in WebExtensions that allows content scripts to intercept network traffic on Mozilla sites such as accounts.firefox.com.
How can this vulnerability be exploited?
This vulnerability can be exploited by malicious WebExtensions with the appropriate permissions to intercept login credentials, such as usernames and encrypted passwords, on websites like Firefox accounts.firefox.com.
What is the severity level of CVE-2018-5152?
The severity level of CVE-2018-5152 is medium, with a severity value of 6.5.
Which software versions are affected by CVE-2018-5152?
Mozilla Firefox versions up to and including 60.0 are affected by CVE-2018-5152.
How can I mitigate the vulnerability CVE-2018-5152?
To mitigate CVE-2018-5152, update Mozilla Firefox to version 60.0 or newer.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/mozilla
- canonical/mozilla firefox
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/17.10
- version/canonical ubuntu linux/18.04
- package-manager/debian