CVE-2018-12396

Source
Severity Medium
Remote Yes
Type Privilege escalation
Description
A security issue has been found in Firefox versions prior to 63.0, where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run.
Group Package Affected Fixed Severity Status Ticket
AVG-787 firefox 62.0.3-2 63.0-1 Critical Fixed
Date Advisory Group Package Severity Description
24 Oct 2018 ASA-201810-14 AVG-787 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12396
https://bugzilla.mozilla.org/show_bug.cgi?id=1483602