CVE-2018-12391

EPSS 2.1%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 2.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

28 Feb 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

Affected products

Mozilla · Firefox Mozilla · Firefox ESR Mozilla · Thunderbird

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1478843 https://security.gentoo.org/glsa/201811-13 https://www.mozilla.org/security/advisories/mfsa2018-26/https://www.mozilla.org/security/advisories/mfsa2018-27/https://www.mozilla.org/security/advisories/mfsa2018-28/http://www.securityfocus.com/bid/105718 http://www.securityfocus.com/bid/105769 http://www.securitytracker.com/id/1041944