[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18494

ID: oval:org.secpod.oval:def:49894Date: (C)2018-12-17   (M)2023-11-19
Class: VULNERABILITYFamily: macos




Mozilla Firefox 64, Mozilla Firefox ESR 60.4, Mozilla Thunderbird 60.4 : A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft.

Platform:
Apple Mac OS 14
Apple Mac OS 13
Apple Mac OS 12
Apple Mac OS 11
Apple Mac OS X 10.15
Apple Mac OS X 10.9
Apple Mac OS X 10.10
Apple Mac OS X 10.11
Apple Mac OS X 10.12
Apple Mac OS X 10.13
Apple Mac OS X 10.14
Product:
Mozilla Firefox
Mozilla Firefox ESR
Mozilla Thunderbird
Reference:
CVE-2018-18494
CVE    1
CVE-2018-18494
CPE    325
cpe:/a:mozilla:firefox:37.0
cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:firefox_esr:17.0.10
cpe:/a:mozilla:firefox_esr:38.0
...

© SecPod Technologies