Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2019-11728

Published: 23/07/2019 Updated: 31/01/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.7 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Firefox

Vulnerability Summary

A sandbox escape exists in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

opensuse leap 15.0

opensuse leap 15.1

Vendor Advisories

Ubuntu Security Notice: firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Ubuntu Security Notice: firefox regressions
USN-4054-1 caused some minor regressions in Firefox ...
Arch Linux Issues:
In firefox before 680, the HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded ...
Mozilla: Security vulnerabilities fixed in Firefox 68
Mozilla Foundation Security Advisory 2019-21 Security vulnerabilities fixed in Firefox 68 Announced July 9, 2019 Impact critical Products Firefox Fixed in Firefox 68 ...
Mozilla: Security vulnerabilities fixed in Thunderbird 68
Mozilla Foundation Security Advisory 2019-28 Security vulnerabilities fixed in Thunderbird 68 Announced August 27, 2019 Impact critical Products Thunderbird Fixed in Thunderbird 68 ...

Recent Articles

Header aches in Firefox, Tor, Brave and Chrome as HTTP opens new security holes
The Register • Thomas Claburn in San Francisco • 13 Aug 2019

Alternative Services spec bungled by browser makers Googlers hate it! This one weird trick lets websites dodge Chrome 76's defenses, detect you're in Incognito mode

The HTTP Alternative Services header can be abused to conduct network reconnaissance and attacks, to bypass malware protection services, and to foil tracking defenses and privacy assumptions, according to a paper scheduled to be presented at the WOOT '19 security conference on Tuesday. Back in March 2016, the Internet Engineering Steering Group approved the HTTP Alternative Services header as a proposed web standard for situations when a web server needs to send a client to another service. Ther...

Read more...

References

CWE-668https://www.mozilla.org/security/advisories/mfsa2019-21/https://bugzilla.mozilla.org/show_bug.cgi?id=1552993https://security.gentoo.org/glsa/201908-12http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.htmlhttps://nvd.nist.govhttps://usn.ubuntu.com/4054-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook