mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-08 06:06:44 +02:00
0xMarcio
1.2 KiB
1.2 KiB
CVE-2018-18494
Description
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
POC
Reference
Github
No PoCs found on GitHub currently.