CVE-2018-12391

Priority
Description
During HTTP Live Stream playback on Firefox for Android, audio data can be
accessed across origins in violation of security policies. Because the
problem is in the underlying Android service, this issue is addressed by
treating all HLS streams as cross-origin and opaque to access. *Note: this
issue only affects Firefox for Android. Desktop versions of Firefox are
unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3,
and Thunderbird < 60.3.
Assigned-to
chrisccoulson
Notes
Package
Upstream:released (63.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [Android only])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (Android only)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (Android only)
More Information

Updated: 2020-09-10 05:49:20 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)