PT-2019-1343
Jann Horn
·
Published
2019-01-29
·
Updated
2024-12-12
·
CVE-2018-18506
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 65
Description
The issue is related to the Proxy Auto-Configuration (PAC) file in Firefox. When proxy auto-detection is enabled, a PAC file can direct requests for localhost through a proxy to another server. This allows attacks on services and tools that bind to localhost for network access when they are reached through the browser. A remote attacker can exploit the vulnerability with a specially crafted web page to bypass security restrictions during proxy auto-configuration, potentially leading to attacks on services bound to the local host.
Recommendations
For versions prior to 65, update to version 65 or later to resolve the issue. As a temporary workaround, consider disabling proxy auto-detection until a patch is applied. Restrict access to services listening on localhost to minimize the risk of exploitation. Avoid using the proxy auto-configuration feature in Firefox until the issue is resolved.
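The description above explains that a PAC script decides, per request, whether a host is reached directly or through a proxy, and the recommendations ask operators to restrict exposure of localhost services. The following is an added example, not code from the advisory or from Mozilla: a PAC script written so that loopback destinations are always returned as DIRECT, plus a small audit helper that runs any PAC function over a set of loopback hostnames and reports those that would be proxied. The upstream proxy name `proxy.example.test` and the helper names `isLoopbackHost` and `auditPac` are assumptions made for the example.

```javascript
// Added example (not from the advisory): a PAC script that pins loopback
// destinations to DIRECT, and an audit helper for checking PAC scripts
// deployed in an environment. "proxy.example.test" is a constructed placeholder.
const UPSTREAM = "PROXY proxy.example.test:3128";

// Hosts that must never leave the machine through a proxy.
function isLoopbackHost(host) {
  // Strip IPv6 brackets if a caller passes "[::1]" instead of "::1".
  const h = host.toLowerCase().replace(/^\[|\]$/g, "");
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  if (/^127(\.\d{1,3}){3}$/.test(h)) return true;            // 127.0.0.0/8
  if (h === "::1" || h === "0:0:0:0:0:0:0:1" || h === "0.0.0.0") return true;
  return false;
}

// Hardened PAC entry point: loopback traffic is always DIRECT, everything
// else goes to the upstream proxy.
function FindProxyForURL(url, host) {
  if (isLoopbackHost(host)) return "DIRECT";
  return UPSTREAM;
}

// Audit: evaluate a PAC function for a set of loopback hosts and return the
// ones whose result is anything other than a plain "DIRECT". A result such
// as "PROXY x:3128; DIRECT" still sends the first attempt through the proxy,
// so it is reported as a finding. An empty list means the script is clean.
function auditPac(findProxy) {
  const probes = ["localhost", "127.0.0.1", "127.1.2.3", "::1", "svc.localhost"];
  const findings = [];
  for (const host of probes) {
    const result = String(findProxy(`http://${host}/`, host));
    if (!/^\s*DIRECT\s*$/i.test(result)) findings.push({ host, result });
  }
  return findings;
}

// Stand-alone run: the hardened script should produce no findings.
console.log(auditPac(FindProxyForURL));
```

To audit a PAC file pulled from a WPAD endpoint or a managed configuration, load its text with `new Function("url", "host", body + "; return FindProxyForURL(url, host);")` in an isolated process and pass the resulting function to `auditPac`; any finding means the script routes loopback traffic off the machine and should be corrected before deployment.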
Exploit
Fix
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Centos
Firefox
Red Hat
Suse
Ubuntu