CVE-2019-11761

Published: 22 Oct 2019
Source: redhat
CVSS3: 5.4

Description

By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

A vulnerability was found in Mozilla Firefox and Thunderbird. Privileged JSONView objects that have been cloned into content can be accessed using a form with a data URI. This flaw bypasses existing defense-in-depth mechanisms and can be exploited over the network.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | firefox | Out of support scope | | |
| Red Hat Enterprise Linux 5 | thunderbird | Out of support scope | | |
| Red Hat Enterprise Linux 6 | firefox | Fixed | RHSA-2019:3281 | 31.10.2019 |
| Red Hat Enterprise Linux 6 | thunderbird | Fixed | RHSA-2019:3756 | 06.11.2019 |
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2019:3193 | 24.10.2019 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2019:3210 | 29.10.2019 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2019:3196 | 24.10.2019 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2019:3237 | 29.10.2019 |

Additional information

Status: Moderate
Defect: CWE-749
https://bugzilla.redhat.com/show_bug.cgi?id=1764442 Mozilla: Unintended access to a privileged JSONView object

CVSS3: 5.4 Medium

Related vulnerabilities

CVSS3: 5.4
ubuntu
more than 5 years ago

By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

CVSS3: 5.4
nvd
more than 5 years ago

By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

CVSS3: 5.4
debian
more than 5 years ago

By using a form with a data URI it was possible to gain access to the ...

CVSS3: 5.4
github
about 3 years ago

By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

CVSS3: 5.4
fstec
more than 5 years ago

A vulnerability in the Firefox and Firefox ESR web browsers and the Thunderbird mail client, related to an error in gaining access to the privileged JSONView object, which allows an attacker to gain access to confidential data and violate its integrity
