Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-11698

Опубликовано: 23 июл. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 5.3

Описание

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

РелизСтатусПримечание
bionic

released

67.0+build2-0ubuntu0.18.04.1
cosmic

released

67.0+build2-0ubuntu0.18.10.1
devel

released

67.0+build2-0ubuntu1
disco

released

67.0+build2-0ubuntu0.19.04.1
eoan

released

67.0+build2-0ubuntu1
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

released

67.0+build2-0ubuntu1
groovy

released

67.0+build2-0ubuntu1
hirsute

released

67.0+build2-0ubuntu1

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

ignored

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
cosmic

ignored

end of life
devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-apps/focal

ignored

esm-infra-legacy/trusty

DNE

esm-infra/bionic

ignored

focal

ignored

groovy

ignored

end of life

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

ignored

end of life
devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

РелизСтатусПримечание
bionic

released

1:60.7.0+build1-0ubuntu0.18.04.1
cosmic

released

1:60.7.0+build1-0ubuntu0.18.10.1
devel

released

1:60.7.0+build1-0ubuntu3
disco

released

1:60.7.0+build1-0ubuntu0.19.04.1
eoan

released

1:60.7.0+build1-0ubuntu3
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

released

1:60.7.0+build1-0ubuntu3
groovy

released

1:60.7.0+build1-0ubuntu3
hirsute

released

1:60.7.0+build1-0ubuntu3

Показывать по

EPSS

Процентиль: 59%
0.00379
Низкий

5 Medium

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

CVSS3: 6.1
redhat
около 6 лет назад

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

CVSS3: 5.3
nvd
около 6 лет назад

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

CVSS3: 5.3
debian
около 6 лет назад

If a crafted hyperlink is dragged and dropped to the bookmark bar or s ...

CVSS3: 5.3
github
около 3 лет назад

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

CVSS3: 5.3
fstec
около 6 лет назад

Уязвимость браузеров Firefox, Firefox ESR, почтового клиента Thunderbird, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 59%
0.00379
Низкий

5 Medium

CVSS2

5.3 Medium

CVSS3