Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-11698

Опубликовано: 22 мая 2019
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Отчет

In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-829
https://bugzilla.redhat.com/show_bug.cgi?id=1712621Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks

EPSS

Процентиль: 59%
0.00379
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

CVSS3: 5.3
ubuntu
около 6 лет назад

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

CVSS3: 5.3
nvd
около 6 лет назад

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

CVSS3: 5.3
debian
около 6 лет назад

If a crafted hyperlink is dragged and dropped to the bookmark bar or s ...

CVSS3: 5.3
github
около 3 лет назад

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

CVSS3: 5.3
fstec
около 6 лет назад

Уязвимость браузеров Firefox, Firefox ESR, почтового клиента Thunderbird, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 59%
0.00379
Низкий

6.1 Medium

CVSS3