CVE-2018-12358

Source
Severity High
Remote Yes
Type Same-origin policy bypass
Description
Service workers in Firefox before 61.0 can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque.
Group Package Affected Fixed Severity Status Ticket
AVG-727 firefox 60.0.2-1 61.0-1 Critical Fixed
Date Advisory Group Package Severity Description
27 Jun 2018 ASA-201806-14 AVG-727 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12358
https://bugzilla.mozilla.org/show_bug.cgi?id=1467852