CVE-2019-11741

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 69

Description A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. This issue is related to the lack of protection for the web page structure, which can be exploited by a remote attacker to compromise data integrity. The vulnerability is particularly concerning for sites closely tied to the Firefox product, such as addons.mozilla.org and accounts.firefox.com, as malicious manipulation of these sites can potentially modify a user's Firefox configuration. To mitigate this, these sites will be isolated into their own process.

Recommendations For versions prior to 69, update to version 69 or later to resolve the issue. As a temporary workaround, consider isolating sensitive sites into their own process to minimize the risk of exploitation. Restrict access to potentially vulnerable sites within the standard content process to reduce the attack surface.