CVE-2019-11761

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-11761
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11761.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-11761
Downstream
Related
Published
2020-01-08T20:15:12.780Z
Modified
2026-03-10T22:08:40.908174Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

References

Affected packages

Git /

Affected ranges

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11761.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "70.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "68.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "68.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    }
]