Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2019-11698 - log back

CVE-2019-11698 created at 25 Sep 2019 19:31:40

Severity

+

Medium

Remote

+

Remote

Type

+	Information disclosure

Description

+

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar in Firefox before 67.0 or Thunderbird before 60.7.0, and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site.

References

+	https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11698
+	https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11698
+	https://bugzilla.mozilla.org/show_bug.cgi?id=1543191

Notes