PT-2019-4553 · Mozilla+3 · Firefox+3

Andreas Wagner

·

Publicado

2019-07-09

·

Atualizado

2024-12-12

·

CVE-2019-11723

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 68
Description The issue is related to a lack of protection for service data, which could allow a remote attacker to access confidential information. It is also associated with the installation of add-ons, where the initial fetch ignores the origin attributes of the browsing context, potentially leaking cookies in private browsing mode or across different containers for users of the Firefox Multi-Account Containers Web Extension.
Recommendations For versions prior to 68, update to version 68 or later to resolve the issue. As a temporary workaround, consider disabling the installation of add-ons until a patch is available. Restrict access to sensitive data and avoid using private browsing mode or the Firefox Multi-Account Containers Web Extension in affected versions.

Correção

Information Disclosure

Origin Validation Error

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-346

Identificadores relacionados

ALT-PU-2019-2301
ALT-PU-2019-2324
ALT-PU-2019-2479
ALT-PU-2019-2486
BDU:2020-00599
CVE-2019-11723
MGASA-2019-0213
MGASA-2019-0272
OPENSUSE-SU-2019:2248-1
OPENSUSE-SU-2019:2249-1
OPENSUSE-SU-2019:2251-1
OPENSUSE-SU-2019:2260-1
OPENSUSE-SU-2019_2248-1
OPENSUSE-SU-2019_2249-1
OPENSUSE-SU-2019_2251-1
OPENSUSE-SU-2019_2260-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2019:14246-1
SUSE-SU-2019:2515-1
SUSE-SU-2019:2545-1
SUSE-SU-2019:2620-1
SUSE-SU-2019_14246-1
USN-4054-1
USN-4054-2

Produtos afetados

Alt Linux
Firefox
Suse
Ubuntu