vulnerability
Gentoo Linux: CVE-2019-11711: Mozilla Firefox: Multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Jul 23, 2019 | Aug 16, 2019 | Oct 29, 2021 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Jul 23, 2019
Added
Aug 16, 2019
Modified
Oct 29, 2021
Description
When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Solutions
gentoo-linux-upgrade-mail-client-thunderbirdgentoo-linux-upgrade-mail-client-thunderbird-bingentoo-linux-upgrade-www-client-firefoxgentoo-linux-upgrade-www-client-firefox-bin
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.