CVE-2019-11698 log

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar in Firefox before 67.0 or Thunderbird before 60.7.0, and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site.
Group Package Affected Fixed Severity Status Ticket
AVG-966 firefox 66.0.5-1 67.0-1 Critical Fixed
AVG-965 thunderbird 60.6.1-2 60.7.0-1 Critical Fixed
Date Advisory Group Package Severity Description
23 May 2019 ASA-201905-9 AVG-966 firefox Critical multiple issues
23 May 2019 ASA-201905-8 AVG-965 thunderbird Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11698
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11698
https://bugzilla.mozilla.org/show_bug.cgi?id=1543191