A same-origin policy violation allows the theft of cross-origin URL entries via performance.getEntries() when the JavaScript location property is used to cause a redirection to another site. This could allow data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
http://www.securityfocus.com/bid/106168
https://bugzilla.mozilla.org/show_bug.cgi?id=1487964
https://www.mozilla.org/security/advisories/mfsa2018-29/
https://www.mozilla.org/security/advisories/mfsa2018-30/
https://www.mozilla.org/security/advisories/mfsa2018-31/
https://www.debian.org/security/2018/dsa-4354
https://www.debian.org/security/2019/dsa-4362
https://security.gentoo.org/glsa/201903-04
https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html
https://access.redhat.com/errata/RHSA-2018:3831
https://access.redhat.com/errata/RHSA-2018:3833
https://access.redhat.com/errata/RHSA-2019:0159
https://access.redhat.com/errata/RHSA-2019:0160
https://usn.ubuntu.com/3844-1/
https://usn.ubuntu.com/3868-1/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494
Vulnerability: CVE-2018-18494
