Lucene search
Ubuntu.comUB:CVE-2019-11738HistorySep 04, 2019 - 12:00 a.m.
CVE-2019-11738
2019-09-0400:00:00
ubuntu.com
ubuntu.com
10
0.003 Low
EPSS
Percentile
65.6%
If a Content Security Policy (CSP) directive is defined that uses a
hash-based source that takes the empty string as input, execution of any
javascript: URIs will be allowed. This could allow for malicious JavaScript
content to be run, bypassing CSP permissions. This vulnerability affects
Firefox < 69 and Firefox ESR < 68.1.
Notes
| Author | Note |
|---|---|
| tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | firefox | < 69.0+build2-0ubuntu0.18.04.1 | UNKNOWN |
| ubuntu | 19.04 | noarch | firefox | < 69.0+build2-0ubuntu0.19.04.1 | UNKNOWN |
| ubuntu | 19.10 | noarch | firefox | < 69.0.1+build1-0ubuntu2 | UNKNOWN |
| ubuntu | 20.04 | noarch | firefox | < 69.0.1+build1-0ubuntu2 | UNKNOWN |
| ubuntu | 20.10 | noarch | firefox | < 69.0.1+build1-0ubuntu2 | UNKNOWN |
| ubuntu | 21.04 | noarch | firefox | < 69.0.1+build1-0ubuntu2 | UNKNOWN |
| ubuntu | 21.10 | noarch | firefox | < 69.0.1+build1-0ubuntu2 | UNKNOWN |
| ubuntu | 22.04 | noarch | firefox | < 69.0.1+build1-0ubuntu2 | UNKNOWN |
| ubuntu | 22.10 | noarch | firefox | < 69.0.1+build1-0ubuntu2 | UNKNOWN |
| ubuntu | 23.04 | noarch | firefox | < 69.0.1+build1-0ubuntu2 | UNKNOWN |
Related
prion
prion
Input validation
2019-09-27 18:15:00
debiancve
debiancve
CVE-2019-11738
2019-09-27 18:15:11
redhatcve
redhatcve
CVE-2019-11738
2019-10-07 17:03:59
cve
cve
CVE-2019-11738
2019-09-27 18:15:11
nvd
nvd
CVE-2019-11738
2019-09-27 18:15:11
cvelist
cvelist
CVE-2019-11738
2019-09-27 17:19:57
redhat
redhat
(RHSA-2019:2663) Important: firefox security update
2019-09-04 20:00:30
nessus
nessus
RHEL 8 : firefox (RHSA-2019:2663)
2019-09-05 00:00:00
CentOS 8 : firefox (CESA-2019:2663)
2021-01-29 00:00:00
Oracle Linux 8 : firefox (ELSA-2019-2663)
2019-09-09 00:00:00
oraclelinux
oraclelinux
firefox security update
2019-09-06 00:00:00
ibm
ibm
openvas
openvas
Mageia: Security Advisory (MGASA-2019-0268)
2022-01-28 00:00:00
Mozilla Firefox ESR Security Advisories (MFSA2019-25, MFSA2019-27) - Windows
2019-09-05 00:00:00
archlinux
archlinux
[ASA-201909-2] firefox: multiple issues
2019-09-04 00:00:00
ubuntu
ubuntu
Firefox regression
2019-10-08 00:00:00
Firefox vulnerabilities
2019-09-04 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox ESR 68.1 — Mozilla
2019-09-03 00:00:00
Security vulnerabilities fixed in Firefox 69 — Mozilla
2019-09-03 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2019-09-12 22:09:52
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 68.1.0-alt1
2019-09-04 00:00:00
kaspersky
kaspersky
KLA11545 Multiple vulnerabilities in Mozilla Firefox ESR
2019-09-03 00:00:00
KLA11546 Multiple vulnerabilities in Mozilla Firefox
2019-09-03 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2019-09-03 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2019-10-06 00:00:00
Security update for MozillaFirefox (important)
2019-10-05 00:00:00