CVE-2018-18494:Same-origin policy violation in Thunderbird, Firefox ESR, and Firefox allows for data theft.

splash
Back

Description Preview

A same-origin policy violation in Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64 allows for the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This vulnerability could lead to data theft.

Overview

This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64, allowing for the theft of cross-origin URL entries through a same-origin policy violation using the location attribute and performance.getEntries.

Remediation

Users and administrators are advised to update Thunderbird to version 60.4 or later, Firefox ESR to version 60.4 or later, and Firefox to version 64 or later to mitigate the same-origin policy violation vulnerability. It is recommended to apply security patches provided by the respective vendors to address this issue.

References

  1. Mozilla Security Advisory
  2. Debian LTS Announcement
  3. Red Hat Security Advisory RHSA-2018:3833
  4. Red Hat Security Advisory RHSA-2018:3831
  5. Debian Security Advisory DSA-4362
  6. Gentoo Linux Security Advisory GLSA-201903-04
  7. Ubuntu Security Notice USN-3844-1
  8. CVE Details on SecurityFocus
  9. Red Hat Security Advisory RHSA-2019:0159
  10. Mozilla Security Advisory
  11. Mozilla Security Advisory
  12. Bugzilla Mozilla
  13. Debian Security Advisory DSA-4354
  14. Ubuntu Security Notice USN-3868-1
  15. Red Hat Security Advisory RHSA-2019:0160

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Health Care & Social Assistance
    Health Care & Social Assistance
  2. Manufacturing
    Manufacturing
  3. Public Administration
    Public Administration
  4. Educational Services
    Educational Services
  5. Transportation & Warehousing
    Transportation & Warehousing
  6. Finance and Insurance
    Finance and Insurance
  7. Retail Trade
    Retail Trade
  8. Professional, Scientific, & Technical Services
    Professional, Scientific, & Technical Services
  9. Utilities
    Utilities
  10. Arts, Entertainment & Recreation
    Arts, Entertainment & Recreation
  11. Other Services (except Public Administration)
    Other Services (except Public Administration)
  12. Information
    Information
  13. Management of Companies & Enterprises
    Management of Companies & Enterprises
  14. Real Estate Rental & Leasing
    Real Estate Rental & Leasing
  15. Accommodation & Food Services
    Accommodation & Food Services
  16. Agriculture, Forestry Fishing & Hunting
    Agriculture, Forestry Fishing & Hunting
  17. Construction
    Construction
  18. Mining
    Mining
  19. Wholesale Trade
    Wholesale Trade
  20. Administrative, Support, Waste Management & Remediation Services
    Administrative, Support, Waste Management & Remediation Services

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background
Armis Vulnerability Intelligence Database