PT-2018-3174 · Mozilla+2 · Firefox+2

Yiğit Can Yilmaz

·

Published

2018-10-23

·

Updated

2024-12-12

·

CVE-2018-12403

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 63
Description The issue arises when a website loaded over HTTPS loads a favicon resource over HTTP, resulting in the mixed content warning not being displayed to users. This could potentially allow a remote attacker to conduct spoofing attacks by exploiting the lack of a mixed content warning.
Recommendations For versions prior to 63, update to version 63 or later to resolve the issue. As a temporary workaround, consider restricting access to HTTP resources for favicon loading until a patch is available.

Fix

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-356CWE-290

Related Identifiers

ALT-PU-2018-2645
ALT-PU-2019-2324
ALT-PU-2019-2486
BDU:2019-04305
CVE-2018-12403
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
USN-3801-1
USN-3801-2

Affected Products

Alt Linux
Firefox
Ubuntu