Published: 23/07/2019 Updated: 29/07/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an malicious user to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
mozilla firefox esr
mozilla thunderbird

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...

Synopsis Important: thunderbird security and bug fix update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Syste ...

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...

Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...

Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...

Several security issues were fixed in Thunderbird ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

USN-4054-1 caused some minor regressions in Firefox ...

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery For the oldstable distribution (stretch), these problems have been fixed in version 6080esr-1~deb9u ...

Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery CVE-2019-11719 and CVE-2019-11729 are only addressed for stretch, in buster Thunderbird uses the system-wide copy of NSS ...

Severity Unknown Remote Unknown Type Unknown Description AVG-1002 firefox 6704-2 680-1 Critical Testing ...

Mozilla Foundation Security Advisory 2019-21 Security vulnerabilities fixed in Firefox 68 Announced July 9, 2019 Impact critical Products Firefox Fixed in Firefox 68 ...

Mozilla Foundation Security Advisory 2019-28 Security vulnerabilities fixed in Thunderbird 68 Announced August 27, 2019 Impact critical Products Thunderbird Fixed in Thunderbird 68 ...

Mozilla Foundation Security Advisory 2019-22 Security vulnerabilities fixed in Firefox ESR 608 Announced July 9, 2019 Impact critical Products Firefox ESR Fixed in Firefox ESR 608 ...

Mozilla Foundation Security Advisory 2019-23 Security vulnerabilities fixed in Thunderbird 608 Announced July 9, 2019 Impact critical Products Thunderbird Fixed in Thunderbird 608 ...

CWE-352 https://www.mozilla.org/security/advisories/mfsa2019-21/https://bugzilla.mozilla.org/show_bug.cgi?id=1543804 https://www.mozilla.org/security/advisories/mfsa2019-22/https://www.mozilla.org/security/advisories/mfsa2019-23/http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html https://security.gentoo.org/glsa/201908-12 https://security.gentoo.org/glsa/201908-20 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2019:1764 https://usn.ubuntu.com/4064-1/

Get Started

CVE-2019-11712

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect