CVE-2019-11741
Description
A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a users Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process. This vulnerability affects Firefox < 69.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.243
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities fixed in Mozilla Firefox (x64) (69.0) | Windows |
| Multiple vulnerabilities fixed in Mozilla Firefox (x64) (69.0.1) | Windows |
| Multiple vulnerabilities fixed in Mozilla Firefox (69.0.1) | Windows |
| Multiple vulnerabilities fixed in Mozilla Firefox (69.0) | Windows |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (69.0) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (69.0.1) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (69.0.2) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (69.0.3) | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 68.6.0 | Mac |
| Mozilla Open Source web browser (USN-4122-1) firefox_69.0+build2-0ubuntu0.16.04.4_i386.deb | Linux |
| Mozilla Open Source web browser (USN-4122-1) firefox_69.0+build2-0ubuntu0.16.04.4_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-4122-1) firefox_69.0+build2-0ubuntu0.18.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-4122-1) firefox_69.0+build2-0ubuntu0.18.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-4122-1) firefox_69.0+build2-0ubuntu0.19.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-4122-1) firefox_69.0+build2-0ubuntu0.19.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-4122-2) firefox_69.0.2+build1-0ubuntu0.16.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-4122-2) firefox_69.0.2+build1-0ubuntu0.16.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-4122-2) firefox_69.0.2+build1-0ubuntu0.18.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-4122-2) firefox_69.0.2+build1-0ubuntu0.18.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-4122-2) firefox_69.0.2+build1-0ubuntu0.19.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-4122-2) firefox_69.0.2+build1-0ubuntu0.19.04.1_amd64.deb | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-310840 | Mozilla Firefox (x64) (69.0) |
| PATCH-310979 | Mozilla Firefox (x64) (69.0.1) |
| PATCH-310978 | Mozilla Firefox (69.0.1) |
| PATCH-311220 | Mozilla Firefox (69.0.3) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234