A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a…
mozilla·CWE-346·Published 2019-02-28
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Una violación de una política del mismo origen permite el robo de entradas URL Cross-Origin cuando utiliza la propiedad de ubicación JavaScript para provocar un redireccionamiento a otro sitio utilizando performance.getEntries(). Esta es una violación de la política del mismo origen y podría permitir el robo de datos. Esta vulnerabilidad afecta a las versiones anteriores a la 60.4 de Thunderbird, las versiones anteriores a la 60.4 de Firefox ESR y las versiones anteriores a la 64 de Firefox.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| 3.0 | Primary | NVD | 6.5 | 2.8 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |