cnvd - cnvd-2018-21818

cnvd-2018-21818

Vulnerability from cnvd

Title

Mozilla Firefox和Firefox ESR重定向漏洞

Description

Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器；Firefox ESR是Firefox的一个延长支持版本。基于Windows平台的Mozilla Firefox ESR 60.2之前版本和Firefox 62之前版本中存在安全漏洞，该漏洞源于当Windows上的Outlook邮件栏被错误地解释成URL时，手动拖放邮件消息到浏览器中会触发页面导航。远程攻击者可利用该漏洞重定向用户至恶意网站。

Severity

中

Patch Name

Mozilla Firefox和Firefox ESR重定向漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/

Reference

https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/

Impacted products

Name
['Mozilla Firefox ESR <60.2', 'Mozilla Firefox <62']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "105280"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-12381",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12381"
    }
  },
  "description": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Mozilla Firefox ESR 60.2\u4e4b\u524d\u7248\u672c\u548cFirefox 62\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5f53Windows\u4e0a\u7684Outlook\u90ae\u4ef6\u680f\u88ab\u9519\u8bef\u5730\u89e3\u91ca\u6210URL\u65f6\uff0c\u624b\u52a8\u62d6\u653e\u90ae\u4ef6\u6d88\u606f\u5230\u6d4f\u89c8\u5668\u4e2d\u4f1a\u89e6\u53d1\u9875\u9762\u5bfc\u822a\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u91cd\u5b9a\u5411\u7528\u6237\u81f3\u6076\u610f\u7f51\u7ad9\u3002",
  "discovererName": "Jana Squires",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-20/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-21818",
  "openTime": "2018-10-26",
  "patchDescription": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Mozilla Firefox ESR 60.2\u4e4b\u524d\u7248\u672c\u548cFirefox 62\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5f53Windows\u4e0a\u7684Outlook\u90ae\u4ef6\u680f\u88ab\u9519\u8bef\u5730\u89e3\u91ca\u6210URL\u65f6\uff0c\u624b\u52a8\u62d6\u653e\u90ae\u4ef6\u6d88\u606f\u5230\u6d4f\u89c8\u5668\u4e2d\u4f1a\u89e6\u53d1\u9875\u9762\u5bfc\u822a\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u91cd\u5b9a\u5411\u7528\u6237\u81f3\u6076\u610f\u7f51\u7ad9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u548cFirefox ESR\u91cd\u5b9a\u5411\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox ESR \u003c60.2",
      "Mozilla Firefox \u003c62"
    ]
  },
  "referenceLink": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/",
  "serverity": "\u4e2d",
  "submitTime": "2018-09-12",
  "title": "Mozilla Firefox\u548cFirefox ESR\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}

CVE-2018-12381 (GCVE-0-2018-12381)

Vulnerability from cvelistv5

Published

2018-10-18 13:00

Modified

2024-08-05 08:30

Severity ?

CWE

Dragging and dropping Outlook email message results in page navigation

Summary

Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.*. This vulnerability affects Firefox ESR < 60.2 and Firefox < 62.

References

URL

Tags

	http://www.securityfocus.com/bid/105280	vdb-entry, x_refsource_BID
	https://security.gentoo.org/glsa/201810-01	vendor-advisory, x_refsource_GENTOO
	https://www.mozilla.org/security/advisories/mfsa2018-20/	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1041610	vdb-entry, x_refsource_SECTRACK
	https://www.mozilla.org/security/advisories/mfsa2018-21/	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=1435319	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Mozilla

Firefox ESR

Version: unspecified < 60.2

Mozilla

Firefox

Version: unspecified < 62

Show details on NVD website