Lucene search

K

Veracode Vulnerability DatabaseVERACODE:19406

HistoryMay 16, 2019 - 3:07 a.m.

Cross-Site Request Forgery (CSRF)

2019-05-1603:07:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

Thunderbird, Firefox ESR and Firefox are vulnerable to cross-site request forgery. A remote unauthenticated attacker can send non-simple requests to bypass cross-origin restrictions and conduct cross-site request forgery attacks via an NPAPI plugin.

CPENameOperatorVersion
firefoxeq38.6.1__1.el6_7
firefoxeq3.6.17__1.el6_0
firefoxeq31.5.0__1.el6_6
firefoxeq24.4.0__1.el6_5
firefoxeq38.7.0__1.el6_7
firefoxeq10.0.8__1.el6_3
firefoxeq10.0.5__1.el6_2
firefoxeq3.6.14__4.el6_0
firefoxeq17.0.10__1.el6_4
firefoxeq38.1.1__1.el6_7

Rows per page:

1-10 of 3161

References

www.securityfocus.com/bid/104560

www.securitytracker.com/id/1041193

access.redhat.com/errata/RHSA-2018:2112

access.redhat.com/errata/RHSA-2018:2113

access.redhat.com/errata/RHSA-2018:2251

access.redhat.com/errata/RHSA-2018:2252

access.redhat.com/security/updates/classification/#critical

bugzilla.mozilla.org/show_bug.cgi?id=1436241

lists.debian.org/debian-lts-announce/2018/06/msg00014.html

lists.debian.org/debian-lts-announce/2018/07/msg00013.html

security.gentoo.org/glsa/201810-01

security.gentoo.org/glsa/201811-13

usn.ubuntu.com/3705-1/

usn.ubuntu.com/3714-1/

www.debian.org/security/2018/dsa-4235

www.debian.org/security/2018/dsa-4244

www.mozilla.org/en-US/security/advisories/mfsa2018-16/

www.mozilla.org/security/advisories/mfsa2018-15/

www.mozilla.org/security/advisories/mfsa2018-16/

www.mozilla.org/security/advisories/mfsa2018-17/

www.mozilla.org/security/advisories/mfsa2018-18/

www.mozilla.org/security/advisories/mfsa2018-19/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

Related for VERACODE:19406

cve1 redhatcve1 debiancve1 prion1 ubuntucve1 ibm1 debian4 nessus54 osv4 openvas35 suse8 mageia4 mozilla5 ubuntu3 oraclelinux3 redhat4 centos4 archlinux2 amazon1 kaspersky3 altlinux3 freebsd1 gentoo2