CVE-2019-11743 — Observable Discrepancy in Mozilla Firefox
Severity
3.7 LOW (NVD)
OSV 9.8, OSV 6.5
EPSS
1.0%
top 23.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 27
Latest update: May 24
Description
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.2 | Impact: 1.4
Affected Packages: 12 packages
🔴 Vulnerability Details (5)
GHSA
GHSA-98fg-hp5j-cm68: Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which r (2022-05-24)
OSV
CVE-2019-11743: Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which r (2019-09-27)
📋 Vendor Advisories (5)
Debian
CVE-2019-11743: firefox - Navigation events were not fully adhering to the W3C's "Navigation-Timing Level ... (2019)