返回 CVE 瀏覽器

CVE-2018-16983

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1470%

EPSS Percentile8.98th

Published2018年9月13日

Last Modified2024年11月21日

Vulnerability Description

NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value.

Affected Platforms (CPE)

📦

Noscript

Noscript

< 5.1.8.7

📦

Torproject

Tor Browser

>= 7.0.0 and <= 7.0.11

References & Advisories

🔗 https://noscript.net/getit#classic

🔗 https://twitter.com/Zerodium/status/1039127214602641409

🔗 https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/

🔗 https://noscript.net/getit#classic

🔗 https://twitter.com/Zerodium/status/1039127214602641409

🔗 https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/

相關漏洞威脅

CVE-2004-139010.0

Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allow remote attackers to execute arbitrary code via a long ...

CVE-2020-40547.3

In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. ...

CVE-2019-129706.1

XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type ele...

CVE-2020-68026.1

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitel...