CVE-2018-12358Sensitive Information Exposure in Mozilla Firefox

CWE-200Sensitive Information ExposureCWE-829Inclusion of Functionality from Untrusted Control Sphere10 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 47.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxDebian FirefoxCanonical Ubuntu Linux
Timeline
PublishedOct 18
Latest updateMay 14

Description

Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

debiandebian/firefox< firefox 61.0-1 (sid)
CVEListV5mozilla/firefoxunspecified61
NVDmozilla/firefox< 61.0
Ubuntumozilla/firefox< 61.0.1+build1-0ubuntu0.14.04.1+5

Also affects: Ubuntu Linux 14.04, 16.04, 17.10, 18.04

🔴Vulnerability Details

4
GHSA
GHSA-3cx6-6fxx-6j34: Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses whi2022-05-14
OSV
firefox regressions2018-07-10
OSV
firefox vulnerabilities2018-07-05
OSV
CVE-2018-12358: Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses whi2018-06-27

📋Vendor Advisories

4
Ubuntu
Firefox regressions2018-07-10
Ubuntu
Firefox vulnerabilities2018-07-05
Red Hat
Mozilla: Same-origin bypass using service worker and redirection2018-06-26
Debian
CVE-2018-12358: firefox - Service workers can use redirection to avoid the tainting of cross-origin resour...2018

💬Community

1
Bugzilla
CVE-2018-12358 Mozilla: Same-origin bypass using service worker and redirection2018-06-26