CVE-2018-12395: By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access…

high7.5CVSS 3.0

AVNACLPRNUINSUCHINAN

By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.

Affected

25 ranges

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	firefox	< firefox 63.0-1 (sid)	firefox 63.0-1 (sid)
debian	firefox-esr	< firefox 63.0-1 (sid)	firefox 63.0-1 (sid)
mozilla	firefox	< 63.0	63.0
mozilla	firefox	>= 0 < 63.0.3+build1-0ubuntu0.14.04.1	63.0.3+build1-0ubuntu0.14.04.1
mozilla	firefox	>= 0 < 63.0+build2-0ubuntu0.14.04.2	63.0+build2-0ubuntu0.14.04.2
mozilla	firefox	>= 0 < 63.0.3+build1-0ubuntu0.16.04.1	63.0.3+build1-0ubuntu0.16.04.1
mozilla	firefox	>= 0 < 63.0+build2-0ubuntu0.16.04.2	63.0+build2-0ubuntu0.16.04.2
mozilla	firefox	>= 0 < 63.0.3+build1-0ubuntu0.18.04.1	63.0.3+build1-0ubuntu0.18.04.1
mozilla	firefox	>= 0 < 63.0+build2-0ubuntu0.18.04.2	63.0+build2-0ubuntu0.18.04.2
mozilla	firefox	>= unspecified < 63	63
mozilla	firefox_esr	< 60.3	60.3
mozilla	firefox_esr	>= unspecified < 60.3	60.3
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_workstation	—	—
redhat	enterprise_linux_workstation	—	—

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

osv8.8HIGH