CVE-2018-12402 — Origin Validation Error in Mozilla Firefox
Severity
6.5MEDIUMNVD
OSV8.8
EPSS
0.4%
top 41.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 28
Latest updateOct 15
Description
The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources otherwise unreachable to the malicious page, if they can convince the visitor to save the complete web page. Similarly, SameSite cookies are sent on cross-origin requests when the "Save Page As..." men…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages4 packages
Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10