Описание
Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 51.0.1+build2-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [51.0.1+build2-0ubuntu0.14.04.1]] |
| precise | released | 51.0.1+build2-0ubuntu0.12.04.1 |
| trusty | released | 51.0.1+build2-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [51.0.1+build2-0ubuntu0.14.04.1] |
| upstream | released | 51 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 51.0.1+build2-0ubuntu0.16.04.1 |
| yakkety | released | 51.0.1+build2-0ubuntu0.16.10.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| precise | not-affected | |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | not-affected | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected | |
| yakkety | not-affected |
Показывать по
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51.
Proxy Auto-Config (PAC) files can specify a JavaScript function called ...
Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51.
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3