Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-11712

Опубликовано: 10 июл. 2019
Источник: redhat
CVSS3: 8.8
EPSS Низкий

Описание

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxOut of support scope
Red Hat Enterprise Linux 6firefoxFixedRHSA-2019:176511.07.2019
Red Hat Enterprise Linux 6thunderbirdFixedRHSA-2019:177715.07.2019
Red Hat Enterprise Linux 7firefoxFixedRHSA-2019:176311.07.2019
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2019:177515.07.2019
Red Hat Enterprise Linux 8firefoxFixedRHSA-2019:176411.07.2019
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2019:179916.07.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-829
https://bugzilla.redhat.com/show_bug.cgi?id=1728432Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects

EPSS

Процентиль: 59%
0.00376
Низкий

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-11712

CVSS3: 8.8
ubuntu
больше 6 лет назад

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

nvd логотип

CVE-2019-11712

CVSS3: 8.8
nvd
больше 6 лет назад

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

debian логотип

CVE-2019-11712

CVSS3: 8.8
debian
больше 6 лет назад

POST requests made by NPAPI plugins, such as Flash, that receive a sta ...

github логотип

GHSA-f95x-f7xq-cfm6

CVSS3: 8.8
github
больше 3 лет назад

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

fstec логотип

BDU:2019-02934

CVSS3: 8.8
fstec
больше 6 лет назад

Уязвимость плагина NPAPI браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, позволяющая нарушителю осуществить межсайтовую подделку запросов

EPSS

Процентиль: 59%
0.00376
Низкий

8.8 High

CVSS3