{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1489?format=json","vulnerability_id":"VCID-p9vs-74e9-gqcf","summary":"Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to opened privileged about: or file: locations.","aliases":[{"alias":"CVE-2018-18497"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1733?format=json","purl":"pkg:alpm/archlinux/firefox@64.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1732?format=json","purl":"pkg:alpm/archlinux/firefox@63.0.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ctk-v1dr-27he"},{"vulnerability":"VCID-4rty-xgn3-fuby"},{"vulnerability":"VCID-9s3m-fes9-xqh2"},{"vulnerability":"VCID-axs7-cedu-23hw"},{"vulnerability":"VCID-bdbe-964v-pfht"},{"vulnerability":"VCID-btsh-x8sa-57fd"},{"vulnerability":"VCID-h916-7jyk-9qfn"},{"vulnerability":"VCID-p9vs-74e9-gqcf"},{"vulnerability":"VCID-xxkg-b8ep-6yga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0.3-1"}],"references":[{"reference_url":"https://security.archlinux.org/ASA-201812-9","reference_id":"ASA-201812-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201812-9"},{"reference_url":"https://security.archlinux.org/AVG-833","reference_id":"AVG-833","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-833"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29","reference_id":"mfsa2018-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p9vs-74e9-gqcf"}