5.9

CVE-2018-18506

EPSS 2.44%
Veröffentlicht 05.02.2019 21:29:00
Zuletzt bearbeitet 21.11.2024 03:56:04
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 24

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 65.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.10

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version8.1

Redhat ≫ Enterprise Linux Eus Version8.2

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux Eus Version8.6

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Aus Version8.6

Redhat ≫ Enterprise Linux Server Eus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version8.6

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Opensuse ≫ Leap Version15.0

Opensuse ≫ Leap Version42.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.44%	0.847

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

https://security.gentoo.org/glsa/201904-07

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html

Third Party Advisory

Mailing List

https://access.redhat.com/errata/RHSA-2019:1144

Third Party Advisory

https://usn.ubuntu.com/3874-1/

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2019-01/

Vendor Advisory

http://www.securityfocus.com/bid/106773

Third Party Advisory

Broken Link

VDB Entry

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html

Third Party Advisory

Broken Link

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html

Third Party Advisory

Mailing List

https://access.redhat.com/errata/RHSA-2019:0622

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0623

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0680

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0681

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0966

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00024.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2019/04/msg00000.html

Third Party Advisory

Mailing List

https://seclists.org/bugtraq/2019/Apr/0

Third Party Advisory

Mailing List

https://seclists.org/bugtraq/2019/Mar/28

Third Party Advisory

Mailing List

https://usn.ubuntu.com/3927-1/

Third Party Advisory

https://www.debian.org/security/2019/dsa-4411

Third Party Advisory

https://www.debian.org/security/2019/dsa-4420

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-18506

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-18506

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-18506

EUVD