5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
69.4%
By using a form with a data URI it was possible to gain access to the
privileged JSONView object that had been cloned into content. Impact from
exposing this object appears to be minimal, however it was a bypass of
existing defense in depth mechanisms. This vulnerability affects Firefox <
70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | firefox | < 70.0+build2-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 19.04 | noarch | firefox | < 70.0+build2-0ubuntu0.19.04.1 | UNKNOWN |
ubuntu | 19.10 | noarch | firefox | < 70.0+build2-0ubuntu0.19.10.1 | UNKNOWN |
ubuntu | 20.04 | noarch | firefox | < 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 20.10 | noarch | firefox | < 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 21.04 | noarch | firefox | < 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 21.10 | noarch | firefox | < 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 22.04 | noarch | firefox | < 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | firefox | < 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 23.04 | noarch | firefox | < 70.0+build2-0ubuntu1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2019-11761
nvd.nist.gov/vuln/detail/CVE-2019-11761
security-tracker.debian.org/tracker/CVE-2019-11761
ubuntu.com/security/notices/USN-4165-1
ubuntu.com/security/notices/USN-4202-1
ubuntu.com/security/notices/USN-4335-1
www.cve.org/CVERecord?id=CVE-2019-11761
www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11761
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
69.4%