vulnerability

Arch Linux: Cross-site scripting (CVE-2019-11741)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Sep 27, 2019	Jul 11, 2025	Nov 27, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Sep 27, 2019

Added

Jul 11, 2025

Modified

Nov 27, 2025

Description

In Firefox before 69.0, a compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user's Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process.

Solution

arch-linux-upgrade-latest

References

CVE-2019-11741
https://attackerkb.com/topics/CVE-2019-11741
URL-https://bugzilla.mozilla.org/show_bug.cgi?id=1539595
URL-https://security.archlinux.org/ASA-201909-2
URL-https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/
URL-https://www.mozilla.org/security/advisories/mfsa2019-25/
CWE-79

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today