Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2018-12391

Published: 28/02/2019 Updated: 24/08/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Thunderbird

Vulnerability Summary

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla thunderbird

mozilla firefox_esr

mozilla firefox

Vendor Advisories

Red Hat: CVE-2018-12391
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem When the candidate has been publicized, the details for this candidate will be provided ...
Mozilla: Security vulnerabilities fixed in Thunderbird ESR 60.3
Mozilla Foundation Security Advisory 2018-28 Security vulnerabilities fixed in Thunderbird ESR 603 Announced October 31, 2018 Impact critical Products Thunderbird Fixed in Thunderbird 603 ...
Mozilla: Security vulnerabilities fixed in Firefox ESR 60.3
Mozilla Foundation Security Advisory 2018-27 Security vulnerabilities fixed in Firefox ESR 603 Announced October 23, 2018 Impact critical Products Firefox ESR Fixed in Firefox ESR 603 ...
Mozilla: Security vulnerabilities fixed in Firefox 63
Mozilla Foundation Security Advisory 2018-26 Security vulnerabilities fixed in Firefox 63 Announced October 23, 2018 Impact critical Products Firefox Fixed in Firefox 63 ...

References

CWE-863https://www.mozilla.org/security/advisories/mfsa2018-28/https://www.mozilla.org/security/advisories/mfsa2018-27/https://www.mozilla.org/security/advisories/mfsa2018-26/https://bugzilla.mozilla.org/show_bug.cgi?id=1478843https://security.gentoo.org/glsa/201811-13http://www.securitytracker.com/id/1041944http://www.securityfocus.com/bid/105769http://www.securityfocus.com/bid/105718https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2018-12391
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook