PT-2019-4553 · Mozilla+3 · Firefox+3

Andreas Wagner

Published

2019-07-09

Updated

2024-12-12

CVE-2019-11723

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 68

Description The issue is related to a lack of protection for service data, which could allow a remote attacker to access confidential information. It is also associated with the installation of add-ons, where the initial fetch ignores the origin attributes of the browsing context, potentially leaking cookies in private browsing mode or across different containers for users of the Firefox Multi-Account Containers Web Extension.

Recommendations For versions prior to 68, update to version 68 or later to resolve the issue. As a temporary workaround, consider disabling the installation of add-ons until a patch is available. Restrict access to sensitive data and avoid using private browsing mode or the Firefox Multi-Account Containers Web Extension in affected versions.

Fix

Information Disclosure

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-346

Related Identifiers

ALT-PU-2019-2301

ALT-PU-2019-2324

ALT-PU-2019-2479

ALT-PU-2019-2486

BDU:2020-00599

CVE-2019-11723

MGASA-2019-0213

MGASA-2019-0272

OPENSUSE-SU-2019:2248-1

OPENSUSE-SU-2019:2249-1

OPENSUSE-SU-2019:2251-1

OPENSUSE-SU-2019:2260-1

OPENSUSE-SU-2019_2248-1

OPENSUSE-SU-2019_2249-1

OPENSUSE-SU-2019_2251-1

OPENSUSE-SU-2019_2260-1

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2019:14246-1

SUSE-SU-2019:2515-1

SUSE-SU-2019:2545-1

SUSE-SU-2019:2620-1

SUSE-SU-2019_14246-1

USN-4054-1

USN-4054-2

Affected Products

Alt Linux

Firefox

Suse

Ubuntu

PT-2019-4553 · Mozilla+3 · Firefox+3

CVE-2019-11723

Weakness Enumeration

Related Identifiers

Affected Products

References · 2136