CVE-2019-11761

Description

By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
• v2.0•MEDIUM•Score: 5.8AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 0.41%• Percentile: 62%

Techniques & Countermeasures

• CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

• CWE-862•Missing Authorization

  The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Affected Systems

• canonical•ubuntu_linux

  16.04

• mozilla•firefox

  < 70.0 | < 70

• mozilla•firefox_esr

  < 68.2

• mozilla•thunderbird

  < 68.2

References (6)

• https://www.mozilla.org/security/advisories/mfsa2019-35/
• https://www.mozilla.org/security/advisories/mfsa2019-33/
• https://www.mozilla.org/security/advisories/mfsa2019-34/
• https://bugzilla.mozilla.org/show_bug.cgi?id=1561502
• https://security.gentoo.org/glsa/202003-10
• https://usn.ubuntu.com/4335-1/