CVE-2018-12364
CVSS v3.0
8.8 (High)
CVSS v2.0
6.8 (Medium)
EPSS
0.32 % (71th)
Affected Products
11
Advisories
30
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Weaknesses
- CWE-352
- Cross-Site Request Forgery (CSRF)
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2018-10-18 13:29:02
(6 years ago) - Updated Date
-
2018-12-03 20:10:14
(5 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...