CVE-2019-11728 — Resource Exposure in Mozilla Firefox

CWE-668 — Resource Exposure CWE-200 — Sensitive Information Exposure10 documents7 sources

Severity

4.7MEDIUMNVD

OSV9.8

EPSS

0.6%

top 29.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox Opensuse Leap

Timeline

PublishedJul 23

Latest updateMay 24

Description

The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects Firefox < 68.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶debiandebian/firefox< firefox 68.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 68

▶NVDmozilla/firefox< 68.0

▶Ubuntumozilla/firefox< 68.0+build3-0ubuntu0.16.04.1+3

▶NVDopensuse/leap15.0, 15.1+1

🔴Vulnerability Details

GHSA

GHSA-64hw-6p83-m326: The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when we↗2022-05-24

▶

OSV

firefox regressions↗2019-07-25

▶

OSV

firefox vulnerabilities↗2019-07-12

▶

OSV

CVE-2019-11728: The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when we↗2019-07-11

▶

📋Vendor Advisories

Ubuntu

Firefox regressions↗2019-07-25

▶

Ubuntu

Firefox vulnerabilities↗2019-07-12

▶

Red Hat

Mozilla: Port scanning through Alt-Svc header↗2019-07-09

▶

Debian

CVE-2019-11728: firefox - The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site t...↗2019

▶

💬Community

Bugzilla

CVE-2019-11728 Mozilla: Port scanning through Alt-Svc header↗2019-07-18

▶