CVE-2019-11761 - log back

CVE-2019-11761 edited at 26 Oct 2019 21:24:03
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where by using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11761
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11761
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1561502
Notes
CVE-2019-11761 created at 26 Oct 2019 17:45:26