CVE-2018-12391

HIGH

Description

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.* This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

References

http://www.securityfocus.com/bid/105718

http://www.securityfocus.com/bid/105769

http://www.securitytracker.com/id/1041944

https://bugzilla.mozilla.org/show_bug.cgi?id=1478843

https://security.gentoo.org/glsa/201811-13

https://www.mozilla.org/security/advisories/mfsa2018-26/

https://www.mozilla.org/security/advisories/mfsa2018-27/

https://www.mozilla.org/security/advisories/mfsa2018-28/

Details

Source: MITRE

Published: 2019-02-28

Updated: 2020-08-24

Type: CWE-863

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 123332 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-772) | Nessus | SuSE Local Security Checks | high |
| 700410 | Mozilla Firefox < 63 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 119133 | GLSA-201811-13 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 118817 | openSUSE Security Update : MozillaThunderbird (openSUSE-2018-1340) | Nessus | SuSE Local Security Checks | critical |
| 118593 | Mozilla Thunderbird < 60.3 Multiple Vulnerabilities | Nessus | Windows | high |
| 118592 | Mozilla Thunderbird < 60.3 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | high |
| 118397 | Mozilla Firefox < 63 Multiple Vulnerabilities | Nessus | Windows | high |
| 118396 | Mozilla Firefox < 63 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | high |
| 118395 | Mozilla Firefox ESR < 60.3 Multiple Vulnerabilities | Nessus | Windows | high |
| 118394 | Mozilla Firefox ESR < 60.3 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | high |
| 118336 | FreeBSD : mozilla -- multiple vulnerabilities (7c3a02b9-3273-4426-a0ba-f90fad2ff72e) | Nessus | FreeBSD Local Security Checks | critical |