CVE-2018-12396
Severity: 6.5 MEDIUM (CVSS 3.1); EPSS: 0.70%
Description
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
How to fix CVE-2018-12396
To remediate CVE-2018-12396, upgrade the affected package to a fixed version below.
- Debian/firefox-esr: upgrade to 60.3.0esr-1 or later
Is CVE-2018-12396 being exploited?
Low: the EPSS score is 0.7%, which indicates a low estimated likelihood of exploitation; exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 60.3.0esr-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |