Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-12364

Опубликовано: 26 июн. 2018
Источник: redhat
CVSS3: 8.8
EPSS Низкий

Описание

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxFixedRHSA-2018:211228.06.2018
Red Hat Enterprise Linux 6thunderbirdFixedRHSA-2018:225124.07.2018
Red Hat Enterprise Linux 7firefoxFixedRHSA-2018:211328.06.2018
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2018:225224.07.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-829
https://bugzilla.redhat.com/show_bug.cgi?id=1595029Mozilla: CSRF attacks through 307 redirects and NPAPI plugins

EPSS

Процентиль: 85%
0.0267
Низкий

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-12364

CVSS3: 8.8
ubuntu
около 7 лет назад

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

nvd логотип

CVE-2018-12364

CVSS3: 8.8
nvd
около 7 лет назад

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

debian логотип

CVE-2018-12364

CVSS3: 8.8
debian
около 7 лет назад

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin r ...

github логотип

GHSA-xf8j-qg2r-c2q8

CVSS3: 8.8
github
больше 3 лет назад

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

fstec логотип

BDU:2019-03466

CVSS3: 8.8
fstec
больше 7 лет назад

Уязвимость плагина NPAPI браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 85%
0.0267
Низкий

8.8 High

CVSS3