Home

CVE-2018-18506

Description

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.

Risk Information

Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
2.36

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Mozilla Firefox 64.0.2Windows
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 64.0.2Mac
thunderbird security update(DSA-4392-1) thunderbird_60.5.1-1~deb9u1_i386.debLinux
thunderbird security update(DSA-4392-1) thunderbird_60.5.1-1~deb9u1_amd64.debLinux
firefox-esr security update(DSA-4411-1) firefox-esr_60.6.0esr-1~deb9u1_i386.debLinux
firefox-esr security update(DSA-4411-1) firefox-esr_60.6.0esr-1~deb9u1_amd64.debLinux
SUSE-SU-2019:0852-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-60.6.1esr-109.63.2.x86_64.rpmLinux
SUSE-SU-2019:0852-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-debuginfo-60.6.1esr-109.63.2.x86_64.rpmLinux
SUSE-SU-2019:0852-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-debugsource-60.6.1esr-109.63.2.x86_64.rpmLinux
SUSE-SU-2019:0852-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-translations-common-60.6.1esr-109.63.2.x86_64.rpmLinux
(RHSA-2019:1144) thunderbird security update thunderbird-60.6.1-1.el8.x86_64.rpmLinux
(RHSA-2019:1144) thunderbird security update thunderbird-debugsource-60.6.1-1.el8.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343015Mozilla Firefox (132.0.2)
PATCH-611870Mozilla Firefox For Mac (142.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234