vulnerability
Arch Linux: Insufficient validation (CVE-2019-11718)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Jul 23, 2019 | Jul 11, 2025 | Nov 27, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Jul 23, 2019
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
In Firefox before 68.0, Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised.
Solution
arch-linux-upgrade-latest
References
- CVE-2019-11718
- https://attackerkb.com/topics/CVE-2019-11718
- URL-http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
- URL-http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html
- URL-https://bugzilla.mozilla.org/show_bug.cgi?id=1408349
- URL-https://security.archlinux.org/ASA-201907-4
- URL-https://security.gentoo.org/glsa/201908-12
- URL-https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/
- URL-https://www.mozilla.org/security/advisories/mfsa2019-21/
- CWE-74
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.