CVE-2019-11762

2020-01-0819:53:09

mozilla

www.cve.org

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.5%

JSON

If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "affected",
        "version": "before 70"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "affected",
        "version": "before 68.2"
      }
    ]
  },
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "affected",
        "version": "before 68.2"
      }
    ]
  }
]