QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-18506

Back to search

CVE-2018-18506

Published: Feb 5, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.

VendorProductVersions

Mozilla

Firefox

affected
unspecified - < 65

References

106773
vdb-entry
x_refsource_BID
USN-3874-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2019:0623
vendor-advisory
x_refsource_REDHAT
RHSA-2019:0622
vendor-advisory
x_refsource_REDHAT
DSA-4411
vendor-advisory
x_refsource_DEBIAN
openSUSE-SU-2019:1056
vendor-advisory
x_refsource_SUSE
RHSA-2019:0680
vendor-advisory
x_refsource_REDHAT
RHSA-2019:0681
vendor-advisory
x_refsource_REDHAT
USN-3927-1
vendor-advisory
x_refsource_UBUNTU
openSUSE-SU-2019:1077
vendor-advisory
x_refsource_SUSE
DSA-4420
vendor-advisory
x_refsource_DEBIAN
GLSA-201904-07
vendor-advisory
x_refsource_GENTOO
openSUSE-SU-2019:1126
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:1162
vendor-advisory
x_refsource_SUSE
RHSA-2019:0966
vendor-advisory
x_refsource_REDHAT
RHSA-2019:1144
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now