Cross site scripting

2019-02-2818:29:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.5%

JSON

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq14.04
ubuntu_linuxeq18.04
ubuntu_linuxeq18.10
debian_linuxeq8.0
debian_linuxeq9.0
firefoxlt64.0
firefox_esrlt60.4.0
thunderbirdlt60.4.0
enterprise_linux_desktopeq7.0

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	18.04
ubuntu_linux	eq	18.10
debian_linux	eq	8.0
debian_linux	eq	9.0
firefox	lt	64.0
firefox_esr	lt	60.4.0
thunderbird	lt	60.4.0
enterprise_linux_desktop	eq	7.0