1. Home
  2. Vulnerabilities
  3. CVE-2018-12391

CVE-2018-12391

CVSS v3.0 8.8 (High)
88% Progress
CVSS v2.0 9.3 (High)
93% Progress
EPSS 0.88 % (83th)
0.88% Progress
Affected Products 4
Advisories 7
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

Weaknesses
CWE-863
Incorrect Authorization
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2019-02-28 18:29:00
(5 years ago)
Updated Date
2020-08-24 17:37:01
(4 years ago)

Affected Products

Google

Mozilla

Configuration #1

AND
    CPE23 From Up To
OR  
  Mozilla Firefox prior 63.0 version cpe:2.3:a:mozilla:firefox < 63.0
OR  
  Running on/with
  Mozilla Firefox Esr prior 60.3 version cpe:2.3:a:mozilla:firefox_esr < 60.3
OR  
  Running on/with
  Mozilla Thunderbird prior 60.3 version cpe:2.3:a:mozilla:thunderbird < 60.3
OR  
  Running on/with
  Google Android cpe:2.3:o:google:android:-