CVE-2018-18497 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation CWE-59 — Link Following CWE-270 — Privilege Context Switching Error CWE-552 — Files or Directories Accessible to External Parties8 documents7 sources

Severity

6.5MEDIUMNVD

OSV9.8

EPSS

0.2%

top 55.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox Canonical Ubuntu Linux

Timeline

PublishedFeb 28

Latest updateMay 13

Description

Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vulnerability affects Firefox < 64.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/firefox< firefox 64.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 64

▶NVDmozilla/firefox< 64.0

▶Ubuntumozilla/firefox< 64.0+build3-0ubuntu0.14.04.1+2

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10

🔴Vulnerability Details

GHSA

GHSA-9467-r3c9-7387: Limitations on the URIs allowed to WebExtensions by the browser↗2022-05-13

▶

OSV

CVE-2018-18497: Limitations on the URIs allowed to WebExtensions by the browser↗2018-12-11

▶

OSV

firefox vulnerabilities↗2018-12-11

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2018-12-11

▶

Red Hat

firefox: WebExtensions can load arbitrary URLs through pipe separators↗2018-12-11

▶

Debian

CVE-2018-18497: firefox - Limitations on the URIs allowed to WebExtensions by the browser.windows.create A...↗2018

▶

💬Community

Bugzilla

CVE-2018-18497 firefox: WebExtensions can load arbitrary URLs through pipe separators↗2019-04-04

▶