{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T06:47:41.426","vulnerabilities":[{"cve":{"id":"CVE-2018-12369","sourceIdentifier":"security@mozilla.org","published":"2018-10-18T13:29:03.663","lastModified":"2025-11-25T17:50:16.803","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61."},{"lang":"es","value":"Las WebExtensions incluidas con los experimentos embebidos no se comprobaron correctamente en busca de una autorización adecuada. Esto permitía que una WebExtension maliciosa obtenga los permisos totales del navegador. La vulnerabilidad afecta a Firefox ESR en versiones anteriores a la 60.1 y Firefox en versiones anteriores a la 61."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"60.1.0","matchCriteriaId":"E0B20A98-EBA3-45DE-B639-8BE69B575931"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"61.0","matchCriteriaId":"2F47E7EA-86AF-46A8-8E17-3360A8AE8492"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","matchCriteriaId":"9070C9D8-A14A-467F-8253-33B966C16886"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/104561","source":"security@mozilla.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1041193","source":"security@mozilla.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1454909","source":"security@mozilla.org","tags":["Issue Tracking","Permissions Required","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201810-01","source":"security@mozilla.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3705-1/","source":"security@mozilla.org","tags":["Third Party Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2018-15/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2018-16/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/104561","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1041193","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1454909","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Permissions Required","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201810-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3705-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2018-15/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2018-16/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}