CVE-2018-5115 (retired)

If an HTTP authentication prompt is triggered by a background network
request from a page or extension, it is displayed over the currently loaded
foreground page. Although the prompt contains the real domain making the
request, this can result in user confusion about the originating site of
the authentication request and may cause users to mistakenly send private
credential information to a third party site. This vulnerability affects
Firefox < 58.
Upstream:released (58.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (58.0+build6-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (58.0+build6-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (59.0.1+build1-0ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (59.0.1+build1-0ubuntu1)
More Information

Updated: 2019-03-26 12:27:28 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)