CVE-2018-18494
CVSS v3.0
6.5 (Medium)
CVSS v2.0
4.3 (Medium)
EPSS
0.19 % (56th)
Affected Products
11
Advisories
26
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Weaknesses
- CWE-346
- Origin Validation Error
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2019-02-28 18:29:01
(5 years ago) - Updated Date
-
2019-03-11 15:09:35
(5 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...