CVE-2019-11742 — Inclusion of Functionality from Untrusted Control Sphere in Mozilla Firefox
Severity
6.5MEDIUMNVD
OSV9.8
EPSS
0.5%
top 32.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 27
Latest updateMay 24
Description
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages12 packages
🔴Vulnerability Details
5GHSA▶
GHSA-vcf4-987q-qj6p: A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a element due to an error in↗2022-05-24
OSV▶
CVE-2019-11742: A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a element due to an error in↗2019-09-27