CVE-2019-11730

Published: 23/07/2019 Updated: 24/08/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Mozilla Firefox could allow a remote malicious user to bypass security restrictions, caused by a same-origin policy that treats all files in a directory as having the same origin. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to read attachments the victim received from other correspondents.

Vendor Advisories

Synopsis: Critical: firefox security update. Type/Severity: Security Advisory: Critical. Topic: An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Important: thunderbird security update. Type/Severity: Security Advisory: Important. Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Important: thunderbird security update. Type/Severity: Security Advisory: Important. Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Critical: firefox security update. Type/Severity: Security Advisory: Critical. Topic: An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Critical: firefox security update. Type/Severity: Security Advisory: Critical. Topic: An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Important: thunderbird security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
A vulnerability exists in Firefox before 68.0 where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may be uploaded to a server ...
Several security issues were fixed in Thunderbird ...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery. For the oldstable distribution (stretch), these problems have been fixed in version 60.8.0esr-1~deb9u ...
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery. CVE-2019-11719 and CVE-2019-11729 are only addressed for stretch; in buster Thunderbird uses the system-wide copy of NSS ...
Oracle Linux Bulletin - July 2019. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Pa ...
Security vulnerabilities fixed in Firefox ESR 60.8. Announced: July 9, 2019. Impact: critical. Products: Firefox ESR. Fixed in: Firefox ESR 60.8 ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
USN-4054-1 caused some minor regressions in Firefox ...
Security vulnerabilities fixed in Thunderbird 60.8. Announced: July 9, 2019. Impact: critical. Products: Thunderbird. Fixed in: Thunderbird 60.8 ...
When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin securit ...
Arch Linux Security Advisory ASA-201907-4. Severity: Critical. Date: 2019-07-17. CVE-ID: CVE-2019-9811 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2 ...
Security vulnerabilities fixed in Firefox 68. Announced: July 9, 2019. Impact: high. Products: Firefox. Fixed in: Firefox 68 ...
Synthetic Playback Agent has addressed the following vulnerabilities: ...

Mailing Lists

Debian Security Advisory DSA-4479-1. security@debian.org, https://www.debian.org/security/. Moritz Muehlenhoff, July 11, 2019. https://www.debian.org/security/faq ...
Debian Security Advisory DSA-4482-1. security@debian.org, https://www.debian.org/security/. Moritz Muehlenhoff, July 14, 2019. https://www.debian.org/security/faq ...
[slackware-security] mozilla-firefox (SSA:2019-191-01). New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mozilla-firefox-68.0esr-i686-1_slack14.2.tx ...

Github Repositories

Generates a static HTML site based on the contents of your Shotwell photo/video library.

shotwell-site-generator: Shotwell is a fantastic program for organizing photos and videos. It supports publishing media to third-party sites, however that requires organizing the media again there, which is time consuming. Once the media is published, any metadata changes that are made in Shotwell will not be shown on that third-party site. This program exports a static mobile-f

CVE-2019-11730

Project for the Advanced Graphics course

advanced-graphics-project: Project for the Advanced Graphical Algorithms course. Tested under Firefox 74.0 (64-bit). Pre-requirements under Firefox: Because of the changes according to CVE-2019-11730, under Firefox we have to change a flag to not treat the file:/// URI as unique origin by CORS. Copy about:config into the URL bar and set privacy.file_unique_origin=False

PoC auto collect from GitHub.

PoC in GitHub. 2020. CVE-2020-0022: In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Andr