CVE-2019-11725 — Improper Authorization in Mozilla Firefox

CWE-285 — Improper Authorization10 documents7 sources

Severity

6.5MEDIUMNVD

OSV9.8

EPSS

0.2%

top 53.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox Opensuse Leap

Timeline

PublishedJul 23

Latest updateMay 24

Description

When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox < 68.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/firefox< firefox 68.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 68

▶NVDmozilla/firefox< 68.0

▶Ubuntumozilla/firefox< 68.0+build3-0ubuntu0.16.04.1+3

▶NVDopensuse/leap15.0, 15.1+1

🔴Vulnerability Details

GHSA

GHSA-8h36-rwvg-grvq: When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources fro↗2022-05-24

▶

OSV

firefox regressions↗2019-07-25

▶

OSV

firefox vulnerabilities↗2019-07-12

▶

OSV

CVE-2019-11725: When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources fro↗2019-07-11

▶

📋Vendor Advisories

Ubuntu

Firefox regressions↗2019-07-25

▶

Ubuntu

Firefox vulnerabilities↗2019-07-12

▶

Red Hat

Mozilla: Websocket resources bypass safebrowsing protections↗2019-07-09

▶

Debian

CVE-2019-11725: firefox - When a user navigates to site marked as unsafe by the Safebrowsing API, warning ...↗2019

▶

💬Community

Bugzilla

CVE-2019-11725 Mozilla: Websocket resources bypass safebrowsing protections↗2019-07-18

▶