Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2019-11698: CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (Multiple Advisories)

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 05/23/2019
Created: 05/25/2019
Added: 05/24/2019
Modified: 12/15/2023

Description

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Solution(s)

  • redhat-upgrade-firefox
  • redhat-upgrade-firefox-debuginfo
  • redhat-upgrade-firefox-debugsource
  • redhat-upgrade-thunderbird
  • redhat-upgrade-thunderbird-debuginfo
  • redhat-upgrade-thunderbird-debugsource
