Linux Distros Unpatched Vulnerability : CVE-2018-18506

🗓️ 15 Aug 2025 00:00:00Reported by TenableType

Unpatched Linux/Unix for CVE-2018-18506; PAC can route localhost via proxy; Firefox <65; no patch.

Reporter	Title	Published	Views	Family All 154
ALT Linux	Security fix for the ALT Linux 10 package firefox-esr version 60.6.0-alt1	21 Mar 201900:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package thunderbird version 60.6.0-alt1	21 Mar 201900:00	–	altlinux
Tenable Nessus	Mozilla Firefox < 65.0 Multiple Vulnerabilities	31 Jan 201900:00	–	nessus
Tenable Nessus	Amazon Linux 2 : thunderbird (ALAS-2019-1195)	26 Apr 201900:00	–	nessus
Tenable Nessus	CentOS 8 : firefox (CESA-2019:0966)	29 Jan 202100:00	–	nessus
Tenable Nessus	CentOS 7 : firefox (CESA-2019:0622)	25 Mar 201900:00	–	nessus
Tenable Nessus	CentOS 6 : firefox (CESA-2019:0623)	25 Mar 201900:00	–	nessus
Tenable Nessus	CentOS 6 : thunderbird (CESA-2019:0680)	2 Apr 201900:00	–	nessus
Tenable Nessus	CentOS 7 : thunderbird (CESA-2019:0681)	2 Apr 201900:00	–	nessus
Tenable Nessus	Debian DLA-1722-1 : firefox-esr security update	25 Mar 201900:00	–	nessus

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2018-18506
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(249586);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/15");

  script_cve_id("CVE-2018-18506");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2018-18506");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a
    PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent
    through the proxy to another server. This behavior is disallowed by default when a proxy is manually
    configured, but when enabled could allow for attacks on services and tools that bind to the localhost for
    networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.
    (CVE-2018-18506)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2018-18506");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-18506");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozjs38");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozjs52");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "libmozjs-52-0"},
          {"reference": "libmozjs-52-dev"},
          {"reference": "mozjs38"}
        ]
      }
    ]
  },
  "Ubuntu Linux-20.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "20.04",
        "pkgs": [
          {"reference": "mozjs52"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

15 Aug 2025 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 24.3

CVSS 3.15.9

EPSS0.01107