[Forgot Password]
Login  Register Subscribe

24544

 
 

132176

 
 

121239

 
 

909

 
 

98883

 
 

148

Paid content will be excluded from the download.


Download | Alert*
OVAL

Security bypass vulnerability in Mozilla Firefox and Firefox ESR - CVE-2018-12395

ID: oval:org.secpod.oval:def:48212Date: (C)2018-10-25   (M)2018-11-17
Class: VULNERABILITYFamily: windows




Mozilla Firefox 63, Mozilla Firefox ESR 60.3 : By rewriting the Host request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted.

Platform:
Microsoft Windows Server 2003
Microsoft Windows 8
Microsoft Windows XP
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2016
Microsoft Windows Server 2012 R2
Microsoft Windows 10
Product:
Mozilla Firefox
Mozilla Firefox ESR
Reference:
CVE-2018-12395
CPE    4
cpe:/a:mozilla:firefox_esr:::x64
cpe:/a:mozilla:firefox_esr:::x86
cpe:/a:mozilla:firefox:::x64
cpe:/a:mozilla:firefox:::x86
...

© SecPod Technologies