← back
CVE-2019-11761

CVE-2019-11761

EPSS 0.8%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
08 Jan 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Affected products
Mozilla · FirefoxMozilla · Firefox ESRMozilla · Thunderbird

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1561502https://security.gentoo.org/glsa/202003-10https://usn.ubuntu.com/4335-1/https://www.mozilla.org/security/advisories/mfsa2019-33/https://www.mozilla.org/security/advisories/mfsa2019-34/https://www.mozilla.org/security/advisories/mfsa2019-35/