CVE-2018-12364
Mozilla: CSRF attacks through 307 redirects and NPAPI plugins
Severity Score
Exploit Likelihood
Affected Versions
21Public Exploits
0Exploited in Wild
-Decision
Descriptions
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Los plugins NPAPI, como Adobe Flash, pueden enviar peticiones cross-origin, omitiendo CORS al hacer un POST same-origin que realiza una redirección 307 al sitio objetivo. Esto permite que un sitio malicioso se vea envuelto en ataques Cross-Site Request Forgery (CSRF). La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 60 y la 52.9, Firefox ESR en versiones anteriores a la 60.1 y la 52.9 y Firefox en versiones anteriores a la 61.
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary code. It was discovered that S/MIME and PGP decryption oracles can be built with HTML emails. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-06-14 CVE Reserved
- 2018-06-29 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
- CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CAPEC
References (21)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/104560 | Third Party Advisory | |
| http://www.securitytracker.com/id/1041193 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2018/0... | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2018/0... | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2112 | 2018-12-03 | |
| https://access.redhat.com/errata/RHSA-2018:2113 | 2018-12-03 | |
| https://access.redhat.com/errata/RHSA-2018:2251 | 2018-12-03 | |
| https://access.redhat.com/errata/RHSA-2018:2252 | 2018-12-03 | |
| https://security.gentoo.org/glsa/201810-01 | 2018-12-03 | |
| https://security.gentoo.org/glsa/201811-13 | 2018-12-03 | |
| https://usn.ubuntu.com/3705-1 | 2018-12-03 | |
| https://usn.ubuntu.com/3714-1 | 2018-12-03 | |
| https://www.debian.org/security/2018/dsa-4235 | 2018-12-03 | |
| https://www.debian.org/security/2018/dsa-4244 | 2018-12-03 |