CVE-2018-12397

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-12397

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-12397.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-12397

Downstream

DEBIAN-CVE-2018-12397

DLA-1571-1

DSA-4324-1

RHSA-2018:3005

RHSA-2018:3006

SUSE-SU-2018:3656-1

SUSE-SU-2018:3749-1

SUSE-SU-2018:3749-2

SUSE-SU-2018:3749-3

UBUNTU-CVE-2018-12397

USN-3801-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:14572-1

Related

Published

2019-02-28T18:29:00Z

Modified

2025-08-09T20:01:27Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.

References

Affected packages