cbcvebase.
CVE-2018-5105
published 2018-06-11

CVE-2018-5105: WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user…

PriorityP431high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
0.42%
34.1th percentile
WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58.

Affected

11 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debianfirefox< firefox 58.0-1 (sid)firefox 58.0-1 (sid)
mozillafirefox<= 57.0.4
mozillafirefox>= 0 < 58.0.2+build1-0ubuntu0.14.04.158.0.2+build1-0ubuntu0.14.04.1
mozillafirefox>= 0 < 58.0+build6-0ubuntu0.14.04.158.0+build6-0ubuntu0.14.04.1
mozillafirefox>= 0 < 58.0.2+build1-0ubuntu0.16.04.158.0.2+build1-0ubuntu0.16.04.1
mozillafirefox>= 0 < 58.0+build6-0ubuntu0.16.04.158.0+build6-0ubuntu0.16.04.1
mozillafirefox>= 0 < 59.0.1+build1-0ubuntu159.0.1+build1-0ubuntu1
mozillafirefox>= unspecified < 5858

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.