VDB
CVE-2019-11737
CVE-2019-11737
PUBLISHED
If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69.
EPSS 0.13% · 32.5th percentile
Risk Scores
EPSS Score
0.13%
32.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | firefox | 52.0+build2-0ubuntu0.16.04.1, 57.0+build4-0ubuntu0.16.04.6, 57.0.1+build2-0ubuntu0.16.04.1 |
| Ubuntu:18.04:LTS | firefox | 68.0.1+build1-0ubuntu0.18.04.1, 65.0+build2-0ubuntu0.18.04.1, 65.0.1+build2-0ubuntu0.18.04.1 |
| Ubuntu:18.04:LTS | mozjs38 | 38.8.0~repack1-0ubuntu1, 38.8.0~repack1-0ubuntu3, 0 |
| Ubuntu:20.04:LTS | mozjs52 | 52.9.1-1build1, 52.9.1-1ubuntu3, 0 |
| Ubuntu:18.04:LTS | mozjs52 | 52.3.1-0ubuntu3, 52.9.1-0ubuntu0.18.04.1, 52.3.1-7fakesync1 |
Timeline
- Sep 4, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-11737 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11737 third-party-advisory
- https://ubuntu.com/security/notices/USN-4122-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-11737 third-party-advisory