Lucene search

K
cvelistMozillaCVELIST:CVE-2018-12370
HistoryOct 18, 2018 - 1:00 p.m.

CVE-2018-12370

2018-10-1813:00:00
mozilla
www.cve.org

8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox < 61.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "61",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%