mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
1.2 KiB
1.2 KiB
CVE-2019-11712
Description
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
POC
Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1543804
- https://bugzilla.mozilla.org/show_bug.cgi?id=1543804
Github
No PoCs found on GitHub currently.