First published: Tue Oct 23 2018
By rewriting the `Host` request headers using the `webRequest` API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to otherwise restricted domains that share a host. External Reference: [https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12395](https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12395)
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox ESR | <60.3 | 60.3 |
Mozilla Firefox | <63 | 63 |
Mozilla Firefox | <63.0 | |
Mozilla Firefox ESR | <60.3 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Eus | =7.5 | |
Redhat Enterprise Linux Workstation | =6.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
debian/firefox | 133.0.3-1 | |
debian/firefox-esr | 115.14.0esr-1~deb11u1, 128.5.0esr-1~deb11u1, 128.3.1esr-1~deb12u1, 128.5.0esr-1~deb12u1, 128.5.0esr-1, 128.5.1esr-1 | |
The vulnerability ID for this vulnerability is CVE-2018-12395.
This vulnerability affects Firefox ESR versions prior to 60.3.
This vulnerability affects Firefox versions prior to 63.0.
This vulnerability affects Debian Debian Linux version 8.0 and 9.0.
This vulnerability affects Canonical Ubuntu Linux versions 14.04, 16.04, 18.04, and 18.10.
This vulnerability affects Redhat Enterprise Linux Desktop versions 6.0 and 7.0.
This vulnerability affects Redhat Enterprise Linux Server versions 6.0, 7.0, and 7.5.
This vulnerability affects Redhat Enterprise Linux Workstation versions 6.0 and 7.0.
To fix this vulnerability, upgrade to Firefox ESR 60.3 or later and Firefox 63.0 or later.
Yes, you can find references for this vulnerability at the following links: [Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1467523), [Mozilla security advisories](https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/), [CVE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395).
The severity of CVE-2018-12395 is high, with a severity value of 7.5.