CVE-2018-12402

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources otherwise unreachable to the malicious page, if they can convince the visitor to save the complete web page. Similarly, SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu item is selected to save a page, which can result in saving the wrong version of resources based on those cookies. This vulnerability affects Firefox < 63.

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources otherwise unreachable to the malicious page, if they can convince the visitor to save the complete web page. Similarly, SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu item is selected to save a page, which can result in saving the wrong version of resources based on those cookies. This vulnerability affects Firefox < 63.

El código "WebBrowserPersist" interno no utiliza el contexto de origen correcto para que se guarde un recurso. Esto se manifiesta al cargar subrecursos como parte de la funcionalidad "Guardar página como...". Por ejemplo, una página maliciosa podría recuperar el nombre de usuario y hash NTLM de Windows de un usuario invitado, incluyendo recursos que, normalmente, no podrían alcanzar a dicha página maliciosa, si logra convencer al usuario para que guarde la página web completa. Asimismo, las cookies SameSite se envían en peticiones Cross-Origin cuando se selecciona el ítem de menú "Guardar página como...", lo que podría conducir al guardado incorrecto de recursos que se basan en dichas cookies. Esta vulnerabilidad afecta a las versiones anteriores a la 63 de Firefox.