CVE-2019-11762 log

Source
Severity Medium
Remote Yes
Type Same-origin policy bypass
Description
A same-origin policy bypass has been found in Firefox before 70.0 and Thunderbird before 68.2 where, if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window.
Group Package Affected Fixed Severity Status Ticket
AVG-1055 firefox 69.0.3-1 70.0-1 Critical Fixed
AVG-1054 thunderbird 68.1.1-1 68.2.0-1 Critical Fixed
Date Advisory Group Package Severity Description
26 Oct 2019 ASA-201910-16 AVG-1055 firefox Critical multiple issues
26 Oct 2019 ASA-201910-15 AVG-1054 thunderbird Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11762
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11762
https://bugzilla.mozilla.org/show_bug.cgi?id=1582857