vulnerability
Oracle Linux: CVE-2019-11761: ELSA-2019-3193: firefox security update (CRITICAL) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Oct 22, 2019 | Oct 30, 2019 | Dec 3, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Oct 22, 2019
Added
Oct 30, 2019
Modified
Dec 3, 2025
Description
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
A vulnerability was found in Mozilla Firefox and Thunderbird. Privileged JSONView objects that have been cloned into content can be accessed using a form with a data URI. This flaw bypasses existing defense-in-depth mechanisms and can be exploited over the network.
A vulnerability was found in Mozilla Firefox and Thunderbird. Privileged JSONView objects that have been cloned into content can be accessed using a form with a data URI. This flaw bypasses existing defense-in-depth mechanisms and can be exploited over the network.
Solutions
oracle-linux-upgrade-firefoxoracle-linux-upgrade-thunderbird
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.