CVE-2018-18506
Date: (C)2019-05-30   (M)2024-03-27


When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 5.9
Exploit Score: 2.2
Impact Score: 3.6

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: HIGH
Availability: NONE

CVSS V2 Severity:
CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:
BID-106773
https://seclists.org/bugtraq/2019/Mar/28
https://seclists.org/bugtraq/2019/Apr/0
DSA-4411
DSA-4420
GLSA-201904-07
RHSA-2019:0622
RHSA-2019:0623
RHSA-2019:0680
RHSA-2019:0681
RHSA-2019:0966
RHSA-2019:1144
USN-3874-1
USN-3927-1
https://lists.debian.org/debian-lts-announce/2019/03/msg00024.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00000.html
https://www.mozilla.org/security/advisories/mfsa2019-01/
openSUSE-SU-2019:1056
openSUSE-SU-2019:1077
openSUSE-SU-2019:1126
openSUSE-SU-2019:1162

CPE    263
cpe:/a:mozilla:firefox:37.0
cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:firefox:-
cpe:/a:mozilla:firefox:20.0.1
...
CWE    1
CWE-254
OVAL    34
oval:org.secpod.oval:def:2104570
oval:org.secpod.oval:def:89003177
oval:org.secpod.oval:def:70618
oval:org.secpod.oval:def:53040
...

© SecPod Technologies