mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
1.2 KiB
1.2 KiB
CVE-2018-18494
Description
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
POC
Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1487964
- https://bugzilla.mozilla.org/show_bug.cgi?id=1487964
Github
No PoCs found on GitHub currently.