CVE-2018-18497

Priority
Description
Limitations on the URIs allowed to WebExtensions by the
browser.windows.create API can be bypassed when a pipe in the URL field is
used within the extension to load multiple pages as a single argument. This
could allow a malicious WebExtension to open privileged about: or file:
locations. This vulnerability affects Firefox < 64.
Assigned-to
chrisccoulson
Notes
Package
Upstream:released (64.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [64.0+build3-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (64.0+build3-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (64.0+build3-0ubuntu0.18.04.1)
More Information

Updated: 2020-09-10 05:54:37 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)