CVE-2018-16983 — Noscript vulnerability

5 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 40.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Noscript Torproject TOR Browser

Timeline

PublishedSep 13

Latest updateMay 13

Description

NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDnoscript/noscript< 5.1.8.7

▶NVDtorproject/tor_browser7.0.0 — 7.0.11

🔴Vulnerability Details

GHSA

GHSA-v8jx-7m24-m4pm: NoScript Classic before 5↗2022-05-13

▶

📄Research Papers

arXiv

Cleaning the NVD: Comprehensive Quality Assessment, Improvements, and Analyses↗2020-06-26

▶

💬Community

Bugzilla

CVE-2018-16983 mozilla-noscript: NoScript Bypass via the text/html;/json Content-Type value [epel-all]↗2018-09-14

▶

Bugzilla

CVE-2018-16983 mozilla-noscript: NoScript Bypass via the text/html;/json Content-Type value↗2018-09-14

▶