[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-18499":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T14:55:36.164Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":424,"aliases":425,"duplicate_of":9,"upstream":426,"downstream":427,"duplicates":448,"related":449,"reserved_at":9,"published_at":450,"modified_at":451,"state":452,"summary":453,"references_raw":462,"kevs":484,"epss":485,"epss_history":488,"metrics":759,"affected":770},"CVE-2018-18499","A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv=\"refresh\" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Firefox \u003C 62, Firefox ESR \u003C 60.2, and Thunderbird \u003C 60.2.1.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-346","Origin Validation Error","The product does not properly verify that the source of data or communication is valid.","weakness","Draft","Class",[19,23,76,88,92,263,267,271,275,279,283,287,291,412,416,420],{"id":20,"name":21,"techniques":22},"CAPEC-111","JSON Hijacking (aka JavaScript Hijacking)",[],{"id":24,"name":25,"techniques":26},"CAPEC-141","Cache Poisoning",[27],{"id":28,"name":29,"tactics":30,"countermeasures":37},"T1557.002","ARP Cache Poisoning",[31,34],{"id":32,"name":33},"TA0031","Credential Access",{"id":35,"name":36},"TA0100","Collection",[38,43,47,51,55,59,63,67,71],{"id":39,"name":40,"tactic":41},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":42},"Detect",{"id":44,"name":45,"tactic":46},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":42},{"id":48,"name":49,"tactic":50},"D3-CSPP","Client-server Payload Profiling",{"name":42},{"id":52,"name":53,"tactic":54},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":42},{"id":56,"name":57,"tactic":58},"D3-NTSA","Network Traffic Signature Analysis",{"name":42},{"id":60,"name":61,"tactic":62},"D3-APCA","Application Protocol Command Analysis",{"name":42},{"id":64,"name":65,"tactic":66},"D3-NTCD","Network Traffic Community Deviation",{"name":42},{"id":68,"name":69,"tactic":70},"D3-RTSD","Remote Terminal Session Detection",{"name":42},{"id":72,"name":73,"tactic":74},"D3-NTF","Network Traffic Filtering",{"name":75},"Isolate",{"id":77,"name":78,"techniques":79},"CAPEC-142","DNS Cache Poisoning",[80],{"id":81,"name":82,"tactics":83,"countermeasures":87},"T1584.002","DNS Server",[84],{"id":85,"name":86},"TA0042","Resource Development",[],{"id":89,"name":90,"techniques":91},"CAPEC-160","Exploit Script-Based APIs",[],{"id":93,"name":94,"techniques":95},"CAPEC-21","Exploitation of Trusted Identifiers",[96,211,239],{"id":97,"name":98,"tactics":99,"countermeasures":109},"T1134","Access Token Manipulation",[100,103,106],{"id":101,"name":102},"TA0030","Defense Evasion",{"id":104,"name":105},"TA0005","Stealth",{"id":107,"name":108},"TA0111","Privilege Escalation",[110,115,119,123,127,131,135,139,143,148,152,156,161,166,170,174,178,182,187,191,195,199,203,207],{"id":111,"name":112,"tactic":113},"D3-CI","Configuration Inventory",{"name":114},"Model",{"id":116,"name":117,"tactic":118},"D3-NTPM","Network Traffic Policy Mapping",{"name":114},{"id":120,"name":121,"tactic":122},"D3-AM","Access Modeling",{"name":114},{"id":124,"name":125,"tactic":126},"D3-AEM","Application Exception Monitoring",{"name":42},{"id":128,"name":129,"tactic":130},"D3-SCA","System Call Analysis",{"name":42},{"id":132,"name":133,"tactic":134},"D3-CCSA","Credential Compromise Scope Analysis",{"name":42},{"id":136,"name":137,"tactic":138},"D3-OPM","Operational Process Monitoring",{"name":42},{"id":140,"name":141,"tactic":142},"D3-PSA","Process Spawn Analysis",{"name":42},{"id":144,"name":145,"tactic":146},"D3-ST","Session Termination",{"name":147},"Evict",{"id":149,"name":150,"tactic":151},"D3-CR","Credential Revocation",{"name":147},{"id":153,"name":154,"tactic":155},"D3-ANCI","Authentication Cache Invalidation",{"name":147},{"id":157,"name":158,"tactic":159},"D3-DUC","Decoy User Credential",{"name":160},"Deceive",{"id":162,"name":163,"tactic":164},"D3-CH","Credential Hardening",{"name":165},"Harden",{"id":167,"name":168,"tactic":169},"D3-MFA","Multi-factor Authentication",{"name":165},{"id":171,"name":172,"tactic":173},"D3-CRO","Credential Rotation",{"name":165},{"id":175,"name":176,"tactic":177},"D3-TB","Token Binding",{"name":165},{"id":179,"name":180,"tactic":181},"D3-TBA","Token-based Authentication",{"name":165},{"id":183,"name":184,"tactic":185},"D3-RC","Restore Configuration",{"name":186},"Restore",{"id":188,"name":189,"tactic":190},"D3-RIC","Reissue Credential",{"name":186},{"id":192,"name":193,"tactic":194},"D3-SCF","System Call Filtering",{"name":75},{"id":196,"name":197,"tactic":198},"D3-CTS","Credential Transmission Scoping",{"name":75},{"id":200,"name":201,"tactic":202},"D3-EAL","Executable Allowlisting",{"name":75},{"id":204,"name":205,"tactic":206},"D3-EDL","Executable Denylisting",{"name":75},{"id":208,"name":209,"tactic":210},"D3-HBPI","Hardware-based Process Isolation",{"name":75},{"id":212,"name":213,"tactics":214,"countermeasures":216},"T1528","Steal Application Access Token",[215],{"id":32,"name":33},[217,219,221,223,225,227,229,231,233,235,237],{"id":132,"name":133,"tactic":218},{"name":42},{"id":149,"name":150,"tactic":220},{"name":147},{"id":153,"name":154,"tactic":222},{"name":147},{"id":157,"name":158,"tactic":224},{"name":160},{"id":162,"name":163,"tactic":226},{"name":165},{"id":167,"name":168,"tactic":228},{"name":165},{"id":171,"name":172,"tactic":230},{"name":165},{"id":175,"name":176,"tactic":232},{"name":165},{"id":179,"name":180,"tactic":234},{"name":165},{"id":188,"name":189,"tactic":236},{"name":186},{"id":196,"name":197,"tactic":238},{"name":75},{"id":240,"name":241,"tactics":242,"countermeasures":244},"T1539","Steal Web Session Cookie",[243],{"id":32,"name":33},[245,247,249,251,253,255,257,259,261],{"id":132,"name":133,"tactic":246},{"name":42},{"id":149,"name":150,"tactic":248},{"name":147},{"id":153,"name":154,"tactic":250},{"name":147},{"id":157,"name":158,"tactic":252},{"name":160},{"id":162,"name":163,"tactic":254},{"name":165},{"id":167,"name":168,"tactic":256},{"name":165},{"id":171,"name":172,"tactic":258},{"name":165},{"id":188,"name":189,"tactic":260},{"name":186},{"id":196,"name":197,"tactic":262},{"name":75},{"id":264,"name":265,"techniques":266},"CAPEC-384","Application API Message Manipulation via Man-in-the-Middle",[],{"id":268,"name":269,"techniques":270},"CAPEC-385","Transaction or Event Tampering via Application API Manipulation",[],{"id":272,"name":273,"techniques":274},"CAPEC-386","Application API Navigation Remapping",[],{"id":276,"name":277,"techniques":278},"CAPEC-387","Navigation Remapping To Propagate Malicious Content",[],{"id":280,"name":281,"techniques":282},"CAPEC-388","Application API Button Hijacking",[],{"id":284,"name":285,"techniques":286},"CAPEC-510","SaaS User Request Forgery",[],{"id":288,"name":289,"techniques":290},"CAPEC-59","Session Credential Falsification through Prediction",[],{"id":292,"name":293,"techniques":294},"CAPEC-60","Reusing Session IDs (aka Session Replay)",[295,325],{"id":296,"name":297,"tactics":298,"countermeasures":302},"T1134.001","Token Impersonation/Theft",[299,300,301],{"id":101,"name":102},{"id":104,"name":105},{"id":107,"name":108},[303,305,307,309,311,313,315,317,319,321,323],{"id":132,"name":133,"tactic":304},{"name":42},{"id":149,"name":150,"tactic":306},{"name":147},{"id":153,"name":154,"tactic":308},{"name":147},{"id":157,"name":158,"tactic":310},{"name":160},{"id":162,"name":163,"tactic":312},{"name":165},{"id":167,"name":168,"tactic":314},{"name":165},{"id":171,"name":172,"tactic":316},{"name":165},{"id":175,"name":176,"tactic":318},{"name":165},{"id":179,"name":180,"tactic":320},{"name":165},{"id":188,"name":189,"tactic":322},{"name":186},{"id":196,"name":197,"tactic":324},{"name":75},{"id":326,"name":327,"tactics":328,"countermeasures":333},"T1550.004","Web Session Cookie",[329,330],{"id":101,"name":102},{"id":331,"name":332},"TA0109","Lateral Movement",[334,336,338,340,342,344,346,348,350,354,358,360,362,366,370,374,378,380,382,384,386,388,390,392,394,398,400,402,406,410],{"id":39,"name":40,"tactic":335},{"name":42},{"id":44,"name":45,"tactic":337},{"name":42},{"id":48,"name":49,"tactic":339},{"name":42},{"id":52,"name":53,"tactic":341},{"name":42},{"id":56,"name":57,"tactic":343},{"name":42},{"id":60,"name":61,"tactic":345},{"name":42},{"id":64,"name":65,"tactic":347},{"name":42},{"id":68,"name":69,"tactic":349},{"name":42},{"id":351,"name":352,"tactic":353},"D3-PLA","Process Lineage Analysis",{"name":42},{"id":355,"name":356,"tactic":357},"D3-PSMD","Process Self-Modification Detection",{"name":42},{"id":140,"name":141,"tactic":359},{"name":42},{"id":132,"name":133,"tactic":361},{"name":42},{"id":363,"name":364,"tactic":365},"D3-PT","Process Termination",{"name":147},{"id":367,"name":368,"tactic":369},"D3-PS","Process Suspension",{"name":147},{"id":371,"name":372,"tactic":373},"D3-HR","Host Reboot",{"name":147},{"id":375,"name":376,"tactic":377},"D3-HS","Host Shutdown",{"name":147},{"id":149,"name":150,"tactic":379},{"name":147},{"id":153,"name":154,"tactic":381},{"name":147},{"id":157,"name":158,"tactic":383},{"name":160},{"id":162,"name":163,"tactic":385},{"name":165},{"id":167,"name":168,"tactic":387},{"name":165},{"id":171,"name":172,"tactic":389},{"name":165},{"id":188,"name":189,"tactic":391},{"name":186},{"id":72,"name":73,"tactic":393},{"name":75},{"id":395,"name":396,"tactic":397},"D3-KBPI","Kernel-based Process Isolation",{"name":75},{"id":192,"name":193,"tactic":399},{"name":75},{"id":208,"name":209,"tactic":401},{"name":75},{"id":403,"name":404,"tactic":405},"D3-ABPI","Application-based Process Isolation",{"name":75},{"id":407,"name":408,"tactic":409},"D3-WSAM","Web Session Access Mediation",{"name":75},{"id":196,"name":197,"tactic":411},{"name":75},{"id":413,"name":414,"techniques":415},"CAPEC-75","Manipulating Writeable Configuration Files",[],{"id":417,"name":418,"techniques":419},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":421,"name":422,"techniques":423},"CAPEC-89","Pharming",[],[],[],[],[428,430,432,434,436,438,440,442,444,446],{"_key":429},"DLA-1571-1",{"_key":431},"DLA-1575-1",{"_key":433},"DSA-4287-1",{"_key":435},"DSA-4327-1",{"_key":437},"UBUNTU-CVE-2018-18499",{"_key":439},"DEBIAN-CVE-2018-18499",{"_key":441},"RHSA-2018:2692",{"_key":443},"RHSA-2018:2693",{"_key":445},"RHSA-2018:3403",{"_key":447},"RHSA-2018:3458",[],[],"2019-02-28T18:00:00.000Z","2024-08-05T11:08:21.929Z","Modified",{"cisa_kev":454,"cisa_ransomware":454,"cisa_vendor":9,"epss_severity":455,"epss_score":456,"severity":457,"severity_score":458,"severity_version":459,"severity_source":460,"severity_vector":461,"severity_status":452},false,"low",0.0012,"medium",6.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",[463,470,476,480],{"url":464,"sources":465,"tags":467},"https://www.mozilla.org/security/advisories/mfsa2018-20/",[466,460],"cve.org",[468,469],"X Refsource CONFIRM","Vendor Advisory",{"url":471,"sources":472,"tags":473},"https://bugzilla.mozilla.org/show_bug.cgi?id=1468523",[466,460],[468,474,475,469],"Issue Tracking","Permissions Required",{"url":477,"sources":478,"tags":479},"https://www.mozilla.org/security/advisories/mfsa2018-21/",[466,460],[468,469],{"url":481,"sources":482,"tags":483},"https://www.mozilla.org/security/advisories/mfsa2018-25/",[466,460],[468,469],[],{"date":486,"score":456,"percentile":487},"2026-06-06",0.30479,[489,493,496,499,501,504,507,510,513,516,519,522,525,528,531,535,538,541,545,548,551,554,557,560,563,566,569,572,575,578,581,584,586,588,591,594,597,600,603,606,609,613,616,619,622,625,628,631,634,637,640,643,646,648,651,654,657,660,663,666,669,672,675,678,681,684,687,690,693,695,698,700,704,707,710,713,716,719,723,726,729,732,735,738,741,743,746,750,753,756],{"date":490,"score":491,"percentile":492},"2025-11-04",0.001,0.28364,{"date":494,"score":491,"percentile":495},"2025-11-05",0.28336,{"date":497,"score":491,"percentile":498},"2025-11-06",0.28349,{"date":500,"score":491,"percentile":498},"2025-11-07",{"date":502,"score":491,"percentile":503},"2025-11-08",0.28352,{"date":505,"score":491,"percentile":506},"2025-11-09",0.2832,{"date":508,"score":491,"percentile":509},"2025-11-10",0.28297,{"date":511,"score":491,"percentile":512},"2025-11-11",0.28325,{"date":514,"score":491,"percentile":515},"2025-11-12",0.28374,{"date":517,"score":491,"percentile":518},"2025-11-13",0.28386,{"date":520,"score":491,"percentile":521},"2025-11-14",0.28377,{"date":523,"score":491,"percentile":524},"2025-11-15",0.28375,{"date":526,"score":491,"percentile":527},"2025-11-16",0.28343,{"date":529,"score":491,"percentile":530},"2025-11-17",0.28321,{"date":532,"score":533,"percentile":534},"2025-11-18",0.00174,0.33716,{"date":536,"score":533,"percentile":537},"2025-11-19",0.33729,{"date":539,"score":533,"percentile":540},"2025-11-20",0.33712,{"date":542,"score":543,"percentile":544},"2025-11-21",0.00104,0.29052,{"date":546,"score":491,"percentile":547},"2025-11-22",0.28371,{"date":549,"score":491,"percentile":550},"2025-11-23",0.28337,{"date":552,"score":491,"percentile":553},"2025-11-24",0.28313,{"date":555,"score":491,"percentile":556},"2025-11-25",0.2831,{"date":558,"score":491,"percentile":559},"2025-11-26",0.28311,{"date":561,"score":491,"percentile":562},"2025-11-27",0.28323,{"date":564,"score":491,"percentile":565},"2025-11-28",0.28294,{"date":567,"score":491,"percentile":568},"2025-11-29",0.28281,{"date":570,"score":491,"percentile":571},"2025-11-30",0.28258,{"date":573,"score":491,"percentile":574},"2025-12-01",0.28312,{"date":576,"score":491,"percentile":577},"2025-12-02",0.28334,{"date":579,"score":491,"percentile":580},"2025-12-03",0.28341,{"date":582,"score":491,"percentile":583},"2025-12-04",0.28277,{"date":585,"score":491,"percentile":559},"2025-12-05",{"date":587,"score":491,"percentile":556},"2025-12-06",{"date":589,"score":491,"percentile":590},"2025-12-07",0.2828,{"date":592,"score":491,"percentile":593},"2025-12-08",0.28293,{"date":595,"score":491,"percentile":596},"2025-12-09",0.28348,{"date":598,"score":491,"percentile":599},"2025-12-10",0.28423,{"date":601,"score":491,"percentile":602},"2025-12-11",0.2845,{"date":604,"score":491,"percentile":605},"2025-12-12",0.28465,{"date":607,"score":491,"percentile":608},"2025-12-13",0.28462,{"date":610,"score":611,"percentile":612},"2025-12-14",0.00098,0.27651,{"date":614,"score":611,"percentile":615},"2025-12-15",0.27619,{"date":617,"score":611,"percentile":618},"2025-12-16",0.27633,{"date":620,"score":611,"percentile":621},"2025-12-17",0.27692,{"date":623,"score":611,"percentile":624},"2025-12-18",0.27743,{"date":626,"score":611,"percentile":627},"2025-12-19",0.27757,{"date":629,"score":611,"percentile":630},"2025-12-20",0.27723,{"date":632,"score":611,"percentile":633},"2025-12-21",0.27677,{"date":635,"score":611,"percentile":636},"2025-12-22",0.27644,{"date":638,"score":611,"percentile":639},"2025-12-23",0.27614,{"date":641,"score":611,"percentile":642},"2025-12-24",0.27622,{"date":644,"score":611,"percentile":645},"2025-12-25",0.27699,{"date":647,"score":611,"percentile":621},"2025-12-26",{"date":649,"score":611,"percentile":650},"2025-12-27",0.2769,{"date":652,"score":611,"percentile":653},"2025-12-28",0.27613,{"date":655,"score":611,"percentile":656},"2025-12-29",0.27584,{"date":658,"score":611,"percentile":659},"2025-12-30",0.27581,{"date":661,"score":611,"percentile":662},"2025-12-31",0.27647,{"date":664,"score":611,"percentile":665},"2026-01-01",0.2776,{"date":667,"score":611,"percentile":668},"2026-01-02",0.27761,{"date":670,"score":611,"percentile":671},"2026-01-03",0.27736,{"date":673,"score":611,"percentile":674},"2026-01-04",0.27624,{"date":676,"score":611,"percentile":677},"2026-01-05",0.27616,{"date":679,"score":611,"percentile":680},"2026-01-06",0.27628,{"date":682,"score":611,"percentile":683},"2026-01-07",0.27656,{"date":685,"score":611,"percentile":686},"2026-01-08",0.27698,{"date":688,"score":611,"percentile":689},"2026-01-09",0.27687,{"date":691,"score":611,"percentile":692},"2026-01-10",0.27668,{"date":694,"score":611,"percentile":612},"2026-01-11",{"date":696,"score":611,"percentile":697},"2026-01-12",0.27604,{"date":699,"score":611,"percentile":659},"2026-01-13",{"date":701,"score":702,"percentile":703},"2026-01-14",0.00117,0.31214,{"date":705,"score":702,"percentile":706},"2026-01-15",0.31212,{"date":708,"score":702,"percentile":709},"2026-01-16",0.31239,{"date":711,"score":702,"percentile":712},"2026-01-17",0.31235,{"date":714,"score":702,"percentile":715},"2026-01-18",0.31178,{"date":717,"score":702,"percentile":718},"2026-01-19",0.31149,{"date":720,"score":721,"percentile":722},"2026-01-20",0.00206,0.42619,{"date":724,"score":721,"percentile":725},"2026-01-21",0.42623,{"date":727,"score":721,"percentile":728},"2026-01-22",0.42624,{"date":730,"score":721,"percentile":731},"2026-01-23",0.4268,{"date":733,"score":721,"percentile":734},"2026-01-24",0.42689,{"date":736,"score":721,"percentile":737},"2026-01-25",0.42632,{"date":739,"score":721,"percentile":740},"2026-01-26",0.42591,{"date":742,"score":721,"percentile":740},"2026-01-27",{"date":744,"score":721,"percentile":745},"2026-01-28",0.42589,{"date":747,"score":748,"percentile":749},"2026-01-29",0.00198,0.41806,{"date":751,"score":748,"percentile":752},"2026-01-30",0.41812,{"date":754,"score":748,"percentile":755},"2026-01-31",0.41818,{"date":757,"score":748,"percentile":758},"2026-02-01",0.41928,[760],{"source":460,"cvss_v2_0":761,"cvss_v3_0":766,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":762,"baseSeverity":9,"vectorString":763,"impactScore":764,"exploitabilityScore":765},4.3,"AV:N/AC:M/Au:N/C:P/I:N/A:N",2.9,8.6,{"baseScore":458,"baseSeverity":767,"vectorString":461,"impactScore":768,"exploitabilityScore":769},"MEDIUM",6,7.2,[771,785,796],{"ecosystem":9,"name":772,"vendor":9,"product":772,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":773},"Firefox",[774,780],{"version":775,"is_range":776,"range_type":777,"version_start":9,"version_start_type":9,"version_end":778,"version_end_type":779,"fixed_in":9},"lt62.0",true,"cpe","62.0","excluding",{"version":781,"is_range":776,"range_type":466,"version_start":782,"version_start_type":783,"version_end":784,"version_end_type":779,"fixed_in":9},">= unspecified, \u003C 62","unspecified","including","62",{"ecosystem":9,"name":786,"vendor":787,"product":788,"cpe_part":789,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":790},"firefox esr","mozilla","firefox_esr","a",[791,794],{"version":792,"is_range":776,"range_type":777,"version_start":9,"version_start_type":9,"version_end":793,"version_end_type":779,"fixed_in":9},"lt60.2","60.2",{"version":795,"is_range":776,"range_type":466,"version_start":782,"version_start_type":783,"version_end":793,"version_end_type":779,"fixed_in":9},">= unspecified, \u003C 60.2",{"ecosystem":9,"name":797,"vendor":787,"product":798,"cpe_part":789,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":799},"Thunderbird","thunderbird",[800,803],{"version":801,"is_range":776,"range_type":777,"version_start":9,"version_start_type":9,"version_end":802,"version_end_type":779,"fixed_in":9},"lt60.2.1","60.2.1",{"version":804,"is_range":776,"range_type":466,"version_start":782,"version_start_type":783,"version_end":802,"version_end_type":779,"fixed_in":9},">= unspecified, \u003C 60.2.1"]