CVE-2019-11741
PUBLISHED
A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user's Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process. This vulnerability affects Firefox < 69.
EPSS 0.24% · 47.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | mozjs38 | 38.8.0~repack1-0ubuntu3, 38.8.0~repack1-0ubuntu4, 38.8.0~repack1-0ubuntu1 |
| Ubuntu:18.04:LTS | firefox | *, *, * |
| Ubuntu:16.04:LTS | firefox | 58.0.1+build1-0ubuntu0.16.04.1, 58.0.2+build1-0ubuntu0.16.04.1, * |
| Ubuntu:20.04:LTS | mozjs52 | 52.9.1-1ubuntu3, 0, 52.9.1-1build1 |
| Ubuntu:18.04:LTS | mozjs52 | 52.8.1-0ubuntu0.18.04.1, 0, 52.3.1-7fakesync1 |
Timeline
- Sep 4, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-11741 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11741 third-party-advisory
- https://ubuntu.com/security/notices/USN-4122-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-11741 third-party-advisory