HTTP: Mozilla Firefox WebExtensions SettingContent-ms Policy Bypass
This signature detects attempt to exploit a policy bypass vulnerability which has been reported in Mozilla Firefox. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could allow the attacker to execute arbitrary commands.
Extended Description
Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
References
CVE: CVE-2018-12368
Short Name
HTTP:FIREFOX-WEBEXT-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Bypass CVE-2018-12368 Firefox Mozilla Policy SettingContent-ms WebExtensions
Release Date
08/30/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3415
False Positive
Unknown
CVSS Score
9.3