By using a form with a data URI, it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal; however, it was a bypass of existing defense-in-depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
References
| Link | Resource |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1561502 | Issue Tracking, Permissions Required |
| https://security.gentoo.org/glsa/202003-10 | Third Party Advisory |
| https://usn.ubuntu.com/4335-1/ | Third Party Advisory |
| https://www.mozilla.org/security/advisories/mfsa2019-33/ | Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2019-34/ | Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2019-35/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2020-01-08T19:52:08
Updated: 2020-04-29T02:07:10
Reserved: 2019-05-03T00:00:00
Link: CVE-2019-11761
NVD Information
Status: Analyzed
Published: 2020-01-08T20:15:12.780
Modified: 2023-02-01T14:08:24.317
Link: CVE-2019-11761
Redhat Information
No data.