Main Vulnerability Database Vulnerabilities #VU15489

#VU15489 Cross-origin policy bypass in Mozilla Firefox - CVE-2018-12391

Published: October 24, 2018

Vulnerability identifier: #VU15489

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-12391

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to audio data can be accessed across origins in violation of security policies during HTTP Live Stream playback on Firefox for Android. A remote attacker can trick the victim into visiting a specially crafted website, bypass cross-origin policies and conduct further attacks.

Remediation

Update to version 63.0.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/