Oval Definition:oval:org.opensuse.security:def:201818497
Revision Date:2023-04-22Version:1
Title:CVE-2018-18497
Description:

Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vulnerability affects Firefox < 64.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2018-18497
SUSE CVE-2018-18497
Platform(s):openSUSE Tumbleweed
SUSE CaaS Platform 4.0
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Micro 5.4
SUSE Linux Enterprise Module for Basesystem 15 SP4
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.0
SUSE Manager Server 4.3
Product(s):
Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • MozillaFirefox-92.0-1.2 is installed
  • OR MozillaFirefox-branding-upstream-92.0-1.2 is installed
  • OR MozillaFirefox-devel-92.0-1.2 is installed
  • OR MozillaFirefox-translations-common-92.0-1.2 is installed
  • OR MozillaFirefox-translations-other-92.0-1.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Micro 5.3 is installed
  • AND Package Information
  • mozilla-nspr is not affected
  • OR libfreebl3 is not affected
  • OR libfreebl3-hmac is not affected
  • OR libsoftokn3 is not affected
  • OR libsoftokn3-hmac is not affected
  • OR mozilla-nss is not affected
  • OR mozilla-nss-certs is not affected
  • OR mozilla-nss-tools is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP4 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Manager Proxy 4.3 is installed
  • OR SUSE Manager Retail Branch Server 4.3 is installed
  • OR SUSE Manager Server 4.3 is installed
  • AND Package Information
  • mozilla-nspr is not affected
  • OR mozilla-nspr-32bit is not affected
  • OR mozilla-nspr-devel is not affected
  • OR libfreebl3 is not affected
  • OR libfreebl3-32bit is not affected
  • OR libfreebl3-hmac is not affected
  • OR libfreebl3-hmac-32bit is not affected
  • OR libsoftokn3 is not affected
  • OR libsoftokn3-32bit is not affected
  • OR libsoftokn3-hmac is not affected
  • OR libsoftokn3-hmac-32bit is not affected
  • OR mozilla-nss is not affected
  • OR mozilla-nss-32bit is not affected
  • OR mozilla-nss-certs is not affected
  • OR mozilla-nss-certs-32bit is not affected
  • OR mozilla-nss-devel is not affected
  • OR mozilla-nss-sysinit is not affected
  • OR mozilla-nss-tools is not affected
    • Definition Synopsis
  • Release Information
  • SUSE CaaS Platform 4.0 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND Package Information
  • MozillaFirefox is affected
  • OR MozillaFirefox-devel is affected
  • OR MozillaFirefox-translations-common is affected
  • OR MozillaFirefox-translations-other is affected
    • Definition Synopsis
  • Release Information
  • SUSE Manager Proxy 4.0 is installed
  • OR SUSE Manager Retail Branch Server 4.0 is installed
  • OR SUSE Manager Server 4.0 is installed
  • AND MozillaFirefox is affected
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND
  • MozillaFirefox is affected
  • OR MozillaFirefox-devel is affected
  • OR MozillaFirefox-translations-common is affected
  • OR MozillaFirefox-translations-other is affected
    • Definition Synopsis
  • SUSE Linux Enterprise Micro 5.2 is installed
  • AND Package Information
  • mozilla-nspr is not affected
  • OR libfreebl3 is not affected
  • OR libfreebl3-hmac is not affected
  • OR libsoftokn3 is not affected
  • OR libsoftokn3-hmac is not affected
  • OR mozilla-nss is not affected
  • OR mozilla-nss-certs is not affected
  • OR mozilla-nss-tools is not affected
    • Definition Synopsis
  • SUSE Linux Enterprise Micro 5.4 is installed
  • AND Package Information
  • mozilla-nspr is not affected
  • OR libfreebl3 is not affected
  • OR libfreebl3-hmac is not affected
  • OR libsoftokn3 is not affected
  • OR libsoftokn3-hmac is not affected
  • OR mozilla-nss is not affected
  • OR mozilla-nss-certs is not affected
  • OR mozilla-nss-tools is not affected
    • BACK