Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-12391

Опубликовано: 28 фев. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 9.3
CVSS3: 8.8

Описание

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

РелизСтатусПримечание
bionic

not-affected

Android only
cosmic

not-affected

Android only
devel

not-affected

Android only
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected [Android only]]
precise/esm

DNE

trusty

not-affected

Android only
trusty/esm

DNE

trusty was not-affected [Android only]
upstream

released

63.0
xenial

not-affected

Android only

Показывать по

Ссылки на источники

EPSS

Процентиль: 67%
0.00547
Низкий

9.3 Critical

CVSS2

8.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-12391

CVSS3: 8.8
redhat
больше 7 лет назад

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

nvd логотип

CVE-2018-12391

CVSS3: 8.8
nvd
почти 7 лет назад

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

debian логотип

CVE-2018-12391

CVSS3: 8.8
debian
почти 7 лет назад

During HTTP Live Stream playback on Firefox for Android, audio data ca ...

github логотип

GHSA-77j4-f249-58h4

CVSS3: 8.8
github
больше 3 лет назад

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

fstec логотип

BDU:2019-03472

CVSS3: 8.8
fstec
больше 7 лет назад

Уязвимость реализации протокола HTTP Live Streaming браузеров Firefox и Firefox ESR и почтового клиента Thunderbird для Android, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 67%
0.00547
Низкий

9.3 Critical

CVSS2

8.8 High

CVSS3