Linux Distros Unpatched Vulnerability : CVE-2018-18506

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration PAC file or if a PAC file is loaded locally, this PAC file can specify...

SUSE CVE-2018-18358

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file...

SUSE CVE-2018-18506

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration PAC file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is...

Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration PAC file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is...

Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration PAC file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is...

CVE-2018-18506

CVE-2018-18506 is a PAC-related issue where a PAC file can cause localhost requests to be proxied. Connected documents confirm Thunderbird is affected and publicly patched: Thunderbird 60.6.1 fixes were released across AL2 (ALAS2-2019-1195), CentOS/RHEL advisories (RHSA-2019:0680/0681), and Debia...

USN-3874-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. CVE-2018-18500,...

DEBIAN-CVE-2018-18358

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file...

chromium-browser: Insufficient policy enforcement in Proxy

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file...