CVE-2018-5115

Priority
Description
If an HTTP authentication prompt is triggered by a background network
request from a page or extension, it is displayed over the currently loaded
foreground page. Although the prompt contains the real domain making the
request, this can result in user confusion about the originating site of
the authentication request and may cause users to mistakenly send private
credential information to a third party site. This vulnerability affects
Firefox < 58.
Assigned-to
chrisccoulson
Notes
Package
Upstream:released (58.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [58.0+build6-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (58.0+build6-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (59.0.1+build1-0ubuntu1)
More Information

Updated: 2019-12-05 18:50:57 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)