CVE-2018-12391 (retired)

Priority
Description
During HTTP Live Stream playback on Firefox for Android, audio data can be
accessed across origins in violation of security policies. Because the
problem is in the underlying Android service, this issue is addressed by
treating all HLS streams as cross-origin and opaque to access. *Note: this
issue only affects Firefox for Android. Desktop versions of Firefox are
unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3,
and Thunderbird < 60.3.
Assigned-to
chrisccoulson
Notes
Package
Upstream:released (63.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (Android only)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (Android only)
Ubuntu 19.04 (Disco Dingo):not-affected (Android only)
More Information

Updated: 2019-10-09 08:02:55 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)