CVE-2019-11738
published 2019-09-27CVE-2019-11738: If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs…
PriorityP429medium6.3CVSS 3.1
AVNACLPRNUIRSUCLILAL
EPSS
1.45%
70.1th percentile
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 69.0-1 (sid) | firefox 69.0-1 (sid) |
| debian | firefox-esr | < firefox 69.0-1 (sid) | firefox 69.0-1 (sid) |
| mozilla | firefox | < 69.0 | 69.0 |
| mozilla | firefox | >= 0 < 69.0+build2-0ubuntu0.16.04.4 | 69.0+build2-0ubuntu0.16.04.4 |
| mozilla | firefox | >= 0 < 69.0.2+build1-0ubuntu0.16.04.1 | 69.0.2+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 69.0+build2-0ubuntu0.18.04.1 | 69.0+build2-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 69.0.2+build1-0ubuntu0.18.04.1 | 69.0.2+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= unspecified < 69 | 69 |
| mozilla | firefox_esr | < 68.1.0 | 68.1.0 |
| mozilla | firefox_esr | >= unspecified < 68.1 | 68.1 |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.16.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian6.3MEDIUM
vendor_redhat6.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v2rv-c5w8-f538: If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascrip
ghsa_unreviewed·2022-05-24
CVE-2019-11738 [MEDIUM] CWE-276 GHSA-v2rv-c5w8-f538: If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascrip
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
OSV
firefox regression
osv·2019-10-08·CVSS 9.8
[CRITICAL] firefox regression
firefox regression
USN-4122-1 fixed vulnerabilities in Firefox. The update caused a
regression that resulted in a crash when changing YouTube playback speed
in some circumstances. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, C
OSV
CVE-2019-11738: If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascrip
osv·2019-09-27·CVSS 6.3
CVE-2019-11738 [MEDIUM] CVE-2019-11738: If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascrip
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
OSV
firefox vulnerabilities
osv·2019-09-04·CVSS 9.8
CVE-2019-5849 [CRITICAL] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748,
CVE-2019-11749, CVE-2019-11750, CVE-2019-11752)
It was discovered that a compromised content process could log in to a
malicious Firefox Sync account. An attacker could potentially exploit
this, in combination with anothe
Ubuntu
Firefox regression
vendor_ubuntu·2019-10-08·CVSS 9.8
[CRITICAL] Firefox regression
Title: Firefox regression
Summary: USN-4122-1 caused a regression in Firefox.
USN-4122-1 fixed vulnerabilities in Firefox. The update caused a
regression that resulted in a crash when changing YouTube playback speed
in some circumstances. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2019-09-04·CVSS 9.8
CVE-2019-5849 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748,
CVE-2019-11749, CVE-2019-11750, CVE-2019-11752)
It was discovered that a compromised content process could lo
Red Hat
Mozilla: Content security policy bypass through hash-based sources in directives
vendor_redhat·2019-09-03·CVSS 6.3
CVE-2019-11738 [MEDIUM] CWE-358 Mozilla: Content security policy bypass through hash-based sources in directives
Mozilla: Content security policy bypass through hash-based sources in directives
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
Package: firefox (Red Hat Enterprise Linux 5) - Out of support scope
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: firefox (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2019-11738: firefox - If a Content Security Policy (CSP) directive is defined that uses a hash-based s...
vendor_debian·2019·CVSS 6.3
CVE-2019-11738 [MEDIUM] CVE-2019-11738: firefox - If a Content Security Policy (CSP) directive is defined that uses a hash-based s...
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
Scope: local
sid: resolved (fixed in 69.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-11738 Mozilla: Content security policy bypass through hash-based sources in directives
bugzilla·2019-09-04·CVSS 6.3
CVE-2019-11738 [MEDIUM] CVE-2019-11738 Mozilla: Content security policy bypass through hash-based sources in directives
CVE-2019-11738 Mozilla: Content security policy bypass through hash-based sources in directives
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any `javascript:` URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11738
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Wladimir Palant
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:2663 https://access.redhat.com/errata/RHSA-2019:2663
---
This bug is now closed. Further updates for individual products will be reflected on the
Bugzilla
Firefox 69.0 is available
bugzilla·2019-09-03·CVSS 9.8
CVE-2019-11751 [CRITICAL] Firefox 69.0 is available
Firefox 69.0 is available
Description of problem:
Firefox 69.0 is available
Version-Release number of selected component (if applicable):
69.0
Additional info:
Release Notes: https://www.mozilla.org/en-US/firefox/69.0/releasenotes/
Security Advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/
Security
- CVE-2019-11751: Malicious code execution through command line parameters
- CVE-2019-11746: Use-after-free while manipulating video
- CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
- CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
- CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
- CVE-2019-11753: Privilege escalation with Mozilla Maint
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1452037https://www.mozilla.org/security/advisories/mfsa2019-25/https://www.mozilla.org/security/advisories/mfsa2019-26/http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1452037https://www.mozilla.org/security/advisories/mfsa2019-25/https://www.mozilla.org/security/advisories/mfsa2019-26/
2019-09-27
Published