CVE: CVE-2018-12364

Descrizione: NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Vettore di attacco

Riferimenti esterni

• https://security.gentoo.org/glsa/201810-01
• https://www.mozilla.org/security/advisories/mfsa2018-15/
• https://access.redhat.com/errata/RHSA-2018:2112
• https://security.gentoo.org/glsa/201811-13
• https://www.debian.org/security/2018/dsa-4235
• https://www.mozilla.org/security/advisories/mfsa2018-18/
• https://access.redhat.com/errata/RHSA-2018:2113
• https://www.mozilla.org/security/advisories/mfsa2018-16/
• https://www.debian.org/security/2018/dsa-4244
• http://www.securityfocus.com/bid/104560
• http://www.securitytracker.com/id/1041193
• https://www.mozilla.org/security/advisories/mfsa2018-19/
• https://access.redhat.com/errata/RHSA-2018:2252
• https://bugzilla.mozilla.org/show_bug.cgi?id=1436241
• https://www.mozilla.org/security/advisories/mfsa2018-17/
• https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
• https://access.redhat.com/errata/RHSA-2018:2251
• https://usn.ubuntu.com/3705-1/
• https://usn.ubuntu.com/3714-1/
• https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html

Prodotti interessati

• Mozilla – Thunderbird
• Mozilla – Firefox ESR
• Mozilla – Firefox

Relazioni con altri prodotti

Produttore:Mozilla
Prodotto: Firefox
Anno: 2018
CWE:
CVSS: 0.0

Produttore:Mozilla
Prodotto: Thunderbird
Anno: 2018
CWE:
CVSS: 0.0

Produttore:Mozilla
Prodotto: Firefox ESR
Anno: 2018
CWE:
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2018)