|Type||Access restriction bypass|
An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where by using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms.
|26 Oct 2019||ASA-201910-16||AVG-1055||firefox||Critical||multiple issues|
|26 Oct 2019||ASA-201910-15||AVG-1054||thunderbird||Critical||multiple issues|