CVE-2018-5115

Priority
Medium
Description
If an HTTP authentication prompt is triggered by a background network
request from a page or extension, it is displayed over the currently loaded
foreground page. Although the prompt contains the real domain making the
request, this can result in user confusion about the originating site of
the authentication request and may cause users to mistakenly send private
credential information to a third party site. This vulnerability affects
Firefox < 58.
References
Assigned-to
chrisccoulson
Package
Upstream:released (58.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (58.0+build6-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (58.0+build6-0ubuntu0.16.04.1)
Ubuntu 17.10 (Artful Aardvark):released (58.0+build6-0ubuntu0.17.10.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (59.0.1+build1-0ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (59.0.1+build1-0ubuntu1)
More Information

Updated: 2018-06-13 17:15:55 UTC (commit 14944)