8.8

CVE-2018-12364

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
CanonicalUbuntu Linux Version18.04 SwEditionlts
MozillaFirefox Version < 61.0
MozillaFirefox Version >= 53.0 < 60.1.0
MozillaFirefox ESR Version < 52.9
MozillaThunderbird Version < 52.9
MozillaThunderbird Version >= 52.9.1 < 60.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.82% 0.761
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

https://security.gentoo.org/glsa/201810-01
Third Party Advisory
https://security.gentoo.org/glsa/201811-13
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2112
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2113
Third Party Advisory
http://www.securitytracker.com/id/1041193
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/3705-1/
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-15/
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2251
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2252
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/3714-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4235
Third Party Advisory
https://www.debian.org/security/2018/dsa-4244
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-16/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-17/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-18/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-19/
Vendor Advisory
http://www.securityfocus.com/bid/104560
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1436241
Vendor Advisory
Issue Tracking
Permissions Required