Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-11698

Опубликовано: 23 июл. 2019
Источник: debian
EPSS Низкий

Описание

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed67.0-1experimentalpackage
firefoxfixed67.0-2package
firefox-esrfixed60.7.0esr-1package
thunderbirdfixed1:60.7.0-1package

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11698

  • https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698

  • https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11698

EPSS

Процентиль: 59%
0.00379
Низкий

Связанные уязвимости

CVSS3: 5.3
ubuntu
около 6 лет назад

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

CVSS3: 6.1
redhat
около 6 лет назад

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

CVSS3: 5.3
nvd
около 6 лет назад

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

CVSS3: 5.3
github
около 3 лет назад

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

CVSS3: 5.3
fstec
около 6 лет назад

Уязвимость браузеров Firefox, Firefox ESR, почтового клиента Thunderbird, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 59%
0.00379
Низкий