NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
| Product: |
| web/server/apache-24 |
| web/server/apache-24/module/apache-ssl |
| web/server/apache-24/module/apache-ssl-fips-140 |
| web/server/apache-24/module/apache-lua |
| web/server/apache-24/module/apache-ldap |
| web/server/apache-24/module/apache-gss |
| web/server/apache-24/module/apache-dbd |
| web/java-servlet/tomcat-8 |
| web/java-servlet/tomcat-8/tomcat-examples |
| web/java-servlet/tomcat-8/tomcat-admin |
| web/data/firefox-bookmarks |
| web/curl |
| web/browser/firefox |
| web/browser/firefox/plugin/firefox-java |
| terminal/cssh |
| terminal/cssh-526 |
| terminal/cssh-522 |
| system/display-manager/gdm |
| system/display-manager/desktop-startup |
| runtime/tcl-8/tcl-sqlite-3 |
| mail/thunderbird |
| mail/thunderbird/plugin/thunderbird-lightning |
| mail/mailman |
| library/speech/espeak |
| library/python/pyatspi2 |
| library/python/pyatspi2-35 |
| library/python/pyatspi2-34 |
| library/python/pyatspi2-27 |
| library/perl-5/xml-simple |
| library/perl-5/xml-simple-526 |
| library/perl-5/xml-simple-522 |
| library/perl-5/xml-sax |
| library/perl-5/xml-sax-base |
| library/perl-5/xml-sax-base-526 |
| library/perl-5/xml-sax-base-522 |
| library/perl-5/xml-sax-526 |
| library/perl-5/xml-sax-522 |
| library/perl-5/xml-parser |
| library/perl-5/xml-parser-526 |
| library/perl-5/xml-parser-522 |
| library/perl-5/xml-namespacesupport |
| library/perl-5/xml-namespacesupport-526 |
| library/perl-5/xml-namespacesupport-522 |
| library/perl-5/xml-libxml |
| library/perl-5/xml-libxml-526 |
| library/perl-5/xml-libxml-522 |
| library/perl-5/pmtools |
| library/perl-5/pmtools-526 |
| library/perl-5/pmtools-522 |
| library/perl-5/perl-x11-protocol |
| library/perl-5/perl-x11-protocol-526 |
| library/perl-5/perl-x11-protocol-522 |
| library/perl-5/perl-tk |
| library/perl-5/perl-tk-526 |
| library/perl-5/perl-tk-522 |
| library/perl-5/net-ssleay |
| library/perl-5/net-ssleay-526 |
| library/perl-5/net-ssleay-522 |
| library/perl-5/gettext |
| library/perl-5/gettext-526 |
| library/perl-5/gettext-522 |
| library/perl-5/dbd-sqlite |
| library/perl-5/dbd-sqlite-526 |
| library/perl-5/dbd-sqlite-522 |
| library/perl-5/dbd-mysql |
| library/perl-5/dbd-mysql-526 |
| library/perl-5/dbd-mysql-522 |
| library/perl-5/database |
| library/perl-5/database-526 |
| library/perl-5/database-522 |
| library/perl-5/authen-pam |
| library/perl-5/authen-pam-526 |
| library/perl-5/authen-pam-522 |
| library/perl-5/CGI |
| library/perl-5/CGI-526 |
| library/perl-5/CGI-522 |
| library/liblouis |
| library/desktop/webkitgtk4 |
| library/desktop/speech-dispatcher |
| library/desktop/dotconf |
| image/library/libjpeg |
| diagnostic/wireshark |
| diagnostic/wireshark/wireshark-common |
| diagnostic/wireshark/tshark |
| database/sqlite-3 |
| database/sqlite-3/documentation |
| database/mysql-57 |
| database/mysql-57/tests |
| database/mysql-57/library |
| database/mysql-57/embedded |
| database/mysql-57/client |
