---

CVE-2019-11762 - log back

CVE-2019-11762 edited at 28 Oct 2019 10:21:01

Description

- A same-origine policy bypass has been found in Firefox before 70.0 and Thunderbird before 68.2 where, if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. + A same-origin policy bypass has been found in Firefox before 70.0 and Thunderbird before 68.2 where, if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window.

CVE-2019-11762 edited at 26 Oct 2019 21:23:11
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Same-origin policy bypass
Description	+ A same-origine policy bypass has been found in Firefox before 70.0 and Thunderbird before 68.2 where, if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11762 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11762 + https://bugzilla.mozilla.org/show_bug.cgi?id=1582857
Notes

CVE-2019-11762 created at 26 Oct 2019 17:45:26