CVE-2018-12403

Summary

If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 63affected

Weaknesses

  • Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP

ADP Enrichment

CVE Program Container

Additional References

References