CVE-2018-5152

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
An information disclosure vulnerability has been found in Firefox < 60.0. WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the webRequest API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in.
Group Package Affected Fixed Severity Status Ticket
AVG-693 firefox 59.0.2-3 60.0-1 Critical Fixed
Date Advisory Group Package Severity Description
13 May 2018 ASA-201805-10 AVG-693 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5152
https://bugzilla.mozilla.org/show_bug.cgi?id=1415644