vulnerability

Oracle Solaris 11: CVE-2019-11737 (11.4 SRU 27.82.1)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Sep 27, 2019

Added

Jan 19, 2021

Modified

Feb 17, 2022

Description

If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69.

Solutions

oracle-solaris-11-4-upgrade-mail-thunderbird-78-3-0-11-4-27-0-1-82-0oracle-solaris-11-4-upgrade-mail-thunderbird-plugin-thunderbird-lightning-68-12-0-11-4-27-0-1-82-0oracle-solaris-11-4-upgrade-web-browser-firefox-78-3-0-11-4-27-0-1-82-0oracle-solaris-11-4-upgrade-web-data-firefox-bookmarks-78-3-0-11-4-27-0-1-82-0

References

CVE-2019-11737
https://attackerkb.com/topics/CVE-2019-11737
https://support.oracle.com/epmos/faces/DocumentDisplay?id=1448883.1&displayIndex=1

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report