CVE-2019-11730 — Inclusion of Functionality from Untrusted Control Sphere in Mozilla Firefox

CWE-829 — Inclusion of Functionality from Untrusted Control Sphere15 documents8 sources

Severity

6.5MEDIUMNVD

OSV9.8

EPSS

19.7%

top 4.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird +5 more

Timeline

PublishedJul 23

Latest updateMay 24

Description

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, du…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages13 packages

▶debiandebian/firefox< firefox 68.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 68

▶NVDmozilla/firefox< 68.0

▶debiandebian/firefox-esr< firefox 68.0-1 (sid)

▶CVEListV5mozilla/firefox_esrunspecified — 60.8

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-353x-8rf5-m26c: A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or su↗2022-05-24

▶

OSV

firefox regressions↗2019-07-25

▶

OSV

CVE-2019-11730: A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or su↗2019-07-23

▶

OSV

thunderbird vulnerabilities↗2019-07-17

▶

OSV

firefox vulnerabilities↗2019-07-12

▶

📋Vendor Advisories

Ubuntu

Firefox regressions↗2019-07-25

▶

Ubuntu

Thunderbird vulnerabilities↗2019-07-17

▶

Ubuntu

Firefox vulnerabilities↗2019-07-12

▶

Red Hat

Mozilla: Same-origin policy treats all files in a directory as having the same-origin↗2019-07-10

▶

Debian

CVE-2019-11730: firefox - A vulnerability exists where if a user opens a locally saved HTML file, this fil...↗2019

▶

📄Research Papers

CTF

20200314-confidencectf2020teaser / README↗2020

▶

💬Community

Bugzilla

CVE-2019-11730 Mozilla: Same-origin policy treats all files in a directory as having the same-origin↗2019-07-10

▶

Bugzilla

file: URIs SOP Bypass: local HTML file can lead to file stealing (similar to CVE-2015-7186)↗2019-06-10

▶

Bugzilla

"Save as complete" gives access to content from other domains↗2006-04-04

▶