First published: Thu Sep 13 2018
NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Noscript Noscript | <5.1.8.7 | |
Torproject Tor Browser | >=7.0.0, <=7.0.11 | |
CVE-2018-16983 is a vulnerability in NoScript Classic before version 5.1.8.7, as used in Tor Browser 7.x and other products, that allows attackers to bypass script blocking via the text/html;/json Content-Type value.
CVE-2018-16983 has a severity rating of 9.8 in the Common Vulnerability Scoring System (CVSS), which is considered critical.
NoScript Classic versions before 5.1.8.7 and Tor Browser versions between 7.0.0 and 7.0.11 are affected by CVE-2018-16983.
To fix the CVE-2018-16983 vulnerability, users should update to NoScript Classic version 5.1.8.7 or later and Tor Browser version 7.0.12 or later.
More information about CVE-2018-16983 can be found at the following references:
- NoScript Classic: https://noscript.net/getit#classic
- Zerodium tweet: https://twitter.com/Zerodium/status/1039127214602641409
- ZDNet article: https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/