Mozilla Foundation Security Advisory 2018-20

Security vulnerabilities fixed in Firefox 62

Announced Septem
Impact critical
Products Firefox
Fixed in

#CVE-2018-12377: Use-after-free in refresh driver timers

Reporter Nils
Impact high
Description

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use.

#CVE-2018-12378: Use-after-free in IndexedDB

Reporter Zhanjia Song
Impact high
Description

A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash.

#CVE-2018-18499: Same-origin policy violation using meta refresh and performance.getEntries to steal cross-origin URLs

Reporter James Lee of Kryptos Logic
Impact high
Description

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft.

#CVE-2018-12379: Out-of-bounds write with malicious MAR file

Reporter Holger Fuhrmannek
Impact moderate
Description

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur.

#CVE-2017-16541: Proxy bypass using automount and autofs

Reporter Filippo Cavallarin
Impact moderate
Description

Browser proxy settings can be bypassed by using the automount feature with autofs to create a mount point on the local file system. Content can be loaded from this mounted file system directly using a file: URI, bypassing configured proxy settings. Note: this issue only affects OS X in default configurations. On Linux systems, autofs must be installed for the vulnerability to occur and Windows is not affected.

#CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation

Reporter Jana Squires
Impact low
Description

Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.

#CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android

Reporter Jordi Chancel
Impact low
Description