CVE-2019-11761 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Access restriction bypass
Description	An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where by using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1055	firefox	69.0.3-1	70.0-1	Critical	Fixed
AVG-1054	thunderbird	68.1.1-1	68.2.0-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
26 Oct 2019	ASA-201910-16	AVG-1055	firefox	Critical	multiple issues
26 Oct 2019	ASA-201910-15	AVG-1054	thunderbird	Critical	multiple issues

References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11761 https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11761 https://bugzilla.mozilla.org/show_bug.cgi?id=1561502

References

https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11761
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11761
https://bugzilla.mozilla.org/show_bug.cgi?id=1561502