6.5
CVE-2018-12398
- EPSS 1.62%
- Veröffentlicht 28.02.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:45:08
- CVE-Watchlists
- Unerledigt
By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox < 63.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.62% | 0.729 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://www.securityfocus.com/bid/105721
http://www.securitytracker.com/id/1041944
https://usn.ubuntu.com/3801-1/
https://www.mozilla.org/security/advisories/mfsa2018-26/
https://bugzilla.mozilla.org/show_bug.cgi?id=1460538
https://bugzilla.mozilla.org/show_bug.cgi?id=1488061