Medium severity 6.5 · NVD Advisory · Published Feb 28, 2019 · Updated Jun 17, 2026
CVE-2018-18499
Description
A same-origin policy violation allows the theft of cross-origin URL entries through performance.getEntries() when a page uses a meta http-equiv="refresh" to cause a redirection to another site. This could allow for data theft. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
Affected products (6)
< 60.2 + 3 more
- (no CPE) range: < 60.2
- (no CPE) range: < 62
- (no CPE) range: unspecified
- (no CPE) range: unspecified
< 60.2.1 + 1 more
- (no CPE) range: < 60.2.1
- (no CPE) range: unspecified
References (4)
- bugzilla.mozilla.org/show_bug.cgi (nvd: Issue Tracking, Permissions Required, Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2018-20/ (nvd: Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2018-21/ (nvd: Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2018-25/ (nvd: Vendor Advisory)