CVE-2018-18495 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Access restriction bypass
Description	A security issue has been found in Firefox < 64.0, where WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-833	firefox	63.0.3-1	64.0-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
12 Dec 2018	ASA-201812-9	AVG-833	firefox	Critical	multiple issues

References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18495 https://bugzilla.mozilla.org/show_bug.cgi?id=1427585