cve/CVE-2019-11712.md at 9ac4b787af2fa0b7575b28040edee6199ce9a667

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

POC

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1543804

Github

No PoCs found on GitHub currently.

1.1 KiB Raw Blame History

CVE-2019-11712

Description

POC

Reference

Github

1.1 KiB

Raw Blame History