CVE-2019-11716

2019-07-23T14:15:00
ID CVE-2019-11716
Type cve
Reporter cve@mitre.org
Modified 2019-08-15T18:15:00

Description

Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68.