exploit the possibilities
Showing 1 - 11 of 11 RSS Feed

CVE-2018-18506

Status Candidate

Overview

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.

Related Files

Red Hat Security Advisory 2019-1144-01
Posted May 13, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1144-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-18506, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813
MD5 | b7ca47a3d6471ddab077bde9f0d46789
Red Hat Security Advisory 2019-0966-01
Posted May 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0966-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-18506, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813
MD5 | 1bb3d9a161dd91237f0f9be179b24deb
Gentoo Linux Security Advisory 201904-07
Posted Apr 2, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-7 - Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. Versions less than 60.6.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-5824, CVE-2018-18335, CVE-2018-18356, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505, CVE-2018-18506, CVE-2018-18509, CVE-2018-18512, CVE-2018-18513, CVE-2019-5785, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813
MD5 | 92ba9e8ee880006ba890f285ed44030d
Debian Security Advisory 4420-1
Posted Apr 1, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4420-1 - Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2018-18506, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796
MD5 | 9c341e17cb151e9b9a82c377fba7c543
Ubuntu Security Notice USN-3927-1
Posted Mar 29, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3927-1 - It was discovered that Thunderbird allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-18506, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9810
MD5 | 0d66fa4f21353894c143dec150943113
Red Hat Security Advisory 2019-0681-01
Posted Mar 28, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0681-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-18506, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813
MD5 | 01ac391f7e90be5fbb1920c893aadf29
Red Hat Security Advisory 2019-0680-01
Posted Mar 28, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0680-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-18506, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813
MD5 | 1f9333cb1d74207d12f7fc3b22528d84
Debian Security Advisory 4411-1
Posted Mar 21, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4411-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-18506, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796
MD5 | a55828919dc149d864f25e35999b7b7d
Red Hat Security Advisory 2019-0623-01
Posted Mar 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0623-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-18506, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796
MD5 | ff510861267b5328f8b5c0f5348eb1ed
Red Hat Security Advisory 2019-0622-01
Posted Mar 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0622-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-18506, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796
MD5 | 3c1f530646d87e122ac4fe44de5a8ce6
Ubuntu Security Notice USN-3874-1
Posted Jan 31, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3874-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. It was discovered that Firefox allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-18500, CVE-2018-18504, CVE-2018-18505, CVE-2018-18506
MD5 | 0610de62126292ee797c34a48f213f8a
Page 1 of 1
Back1Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    26 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close