Executive Summary

Information
Name : CVE-2019-11730
First vendor Publication : 2019-07-23
Vendor : Cve
Last vendor Modification : 2019-08-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score : 4.3
Cvss Impact Score : 2.9
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may be uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they open that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11730

CWE : Common Weakness Enumeration

%      id       Name
100 %  CWE-200  Information Exposure

CPE : Common Platform Enumeration

Type         Description  Count
Application               416
Application               124
Application               353
Application               1
Os                        1
Os                        2

Sources (Detail)

Source  Url
GENTOO  https://security.gentoo.org/glsa/201908-12
        https://security.gentoo.org/glsa/201908-20
MISC    https://bugzilla.mozilla.org/show_bug.cgi?id=1558299
        https://www.mozilla.org/security/advisories/mfsa2019-21/
        https://www.mozilla.org/security/advisories/mfsa2019-22/
        https://www.mozilla.org/security/advisories/mfsa2019-23/
MLIST   https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html
        https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html
SUSE    http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html
        http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html
        http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html
        http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
        http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html

Alert History

Date                 Information
2019-10-05 12:11:01  Multiple Updates
2019-10-01 01:09:37  Multiple Updates
2019-08-24 05:19:29  Multiple Updates
2019-08-17 05:19:35  Multiple Updates
2019-08-16 00:19:37  Multiple Updates
2019-08-05 17:19:19  Multiple Updates
2019-08-03 12:10:16  Multiple Updates
2019-07-31 00:19:19  Multiple Updates
2019-07-29 21:19:57  Multiple Updates
2019-07-23 21:19:32  First insertion