CVE-2019-11743
published 2019-09-27CVE-2019-11743: Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts…
PriorityP414low3.7CVSS 3.1
AVNACHPRNUINSUCLINAN
EPSS
1.80%
75.8th percentile
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 69.0-1 (sid) | firefox 69.0-1 (sid) |
| debian | firefox-esr | < firefox 69.0-1 (sid) | firefox 69.0-1 (sid) |
| debian | thunderbird | < firefox 69.0-1 (sid) | firefox 69.0-1 (sid) |
| mozilla | firefox | < 60.9.0 | 60.9.0 |
| mozilla | firefox | < 69.0 | 69.0 |
| mozilla | firefox | >= 0 < 69.0+build2-0ubuntu0.16.04.4 | 69.0+build2-0ubuntu0.16.04.4 |
| mozilla | firefox | >= 0 < 69.0.2+build1-0ubuntu0.16.04.1 | 69.0.2+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 69.0+build2-0ubuntu0.18.04.1 | 69.0+build2-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 69.0.2+build1-0ubuntu0.18.04.1 | 69.0.2+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= unspecified < 69 | 69 |
| mozilla | firefox_esr | >= 68.0 < 68.1.0 | 68.1.0 |
| mozilla | firefox_esr | >= unspecified < 60.9 | 60.9 |
| mozilla | firefox_esr | >= unspecified < 68.1 | 68.1 |
| mozilla | thunderbird | < 60.9.0 | 60.9.0 |
| mozilla | thunderbird | >= 0 < 1:60.9.0-1 | 1:60.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:60.9.0-1 | 1:60.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:60.9.0-1 | 1:60.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:60.9.0-1 | 1:60.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:60.9.0+build1-0ubuntu0.16.04.2 | 1:60.9.0+build1-0ubuntu0.16.04.2 |
| mozilla | thunderbird | >= 0 < 1:60.9.0+build1-0ubuntu0.18.04.1 | 1:60.9.0+build1-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= 68.0 < 68.1.0 | 68.1.0 |
| mozilla | thunderbird | >= unspecified < 68.1 | 68.1 |
| mozilla | thunderbird | >= unspecified < 60.9 | 60.9 |
CVSS provenance
nvdv3.13.7LOWCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian3.7LOW
vendor_redhat3.7LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-98fg-hp5j-cm68: Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which r
ghsa_unreviewed·2022-05-24
CVE-2019-11743 [MEDIUM] CWE-203 GHSA-98fg-hp5j-cm68: Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which r
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
OSV
thunderbird vulnerabilities
osv·2019-10-08·CVSS 6.5
CVE-2019-11739 [MEDIUM] thunderbird vulnerabilities
thunderbird vulnerabilities
It was discovered that encrypted S/MIME parts in a multipart message can
leak plaintext contents when included in a HTML reply or forward in some
circumstances. If a user were tricked in to replying to or forwarding a
specially crafted message, an attacker could potentially exploit this to
obtain sensitive information. (CVE-2019-11739)
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to obtain sensitive
information, conduct cross-site scripting (XSS) attack, scause a denial
of service, or execute arbitrary code. (CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752)
OSV
firefox regression
osv·2019-10-08·CVSS 9.8
[CRITICAL] firefox regression
firefox regression
USN-4122-1 fixed vulnerabilities in Firefox. The update caused a
regression that resulted in a crash when changing YouTube playback speed
in some circumstances. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, C
OSV
CVE-2019-11743: Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which r
osv·2019-09-27·CVSS 3.7
CVE-2019-11743 [LOW] CVE-2019-11743: Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which r
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
OSV
firefox vulnerabilities
osv·2019-09-04·CVSS 9.8
CVE-2019-5849 [CRITICAL] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748,
CVE-2019-11749, CVE-2019-11750, CVE-2019-11752)
It was discovered that a compromised content process could log in to a
malicious Firefox Sync account. An attacker could potentially exploit
this, in combination with anothe
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2019-10-08·CVSS 6.5
CVE-2019-11739 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
It was discovered that encrypted S/MIME parts in a multipart message can
leak plaintext contents when included in a HTML reply or forward in some
circumstances. If a user were tricked in to replying to or forwarding a
specially crafted message, an attacker could potentially exploit this to
obtain sensitive information. (CVE-2019-11739)
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to obtain sensitive
information, conduct cross-site scripting (XSS) attack, scause a denial
of service, or execute arbitrary code. (CVE-2019-11740, CVE-2019-11742,
CVE-2019-11
Ubuntu
Firefox regression
vendor_ubuntu·2019-10-08·CVSS 9.8
[CRITICAL] Firefox regression
Title: Firefox regression
Summary: USN-4122-1 caused a regression in Firefox.
USN-4122-1 fixed vulnerabilities in Firefox. The update caused a
regression that resulted in a crash when changing YouTube playback speed
in some circumstances. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2019-09-04·CVSS 9.8
CVE-2019-5849 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748,
CVE-2019-11749, CVE-2019-11750, CVE-2019-11752)
It was discovered that a compromised content process could lo
Red Hat
Mozilla: Cross-origin access to unload event attributes
vendor_redhat·2019-09-03·CVSS 3.7
CVE-2019-11743 [LOW] CWE-829 Mozilla: Cross-origin access to unload event attributes
Mozilla: Cross-origin access to unload event attributes
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Statement: In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.
Package: firefox (Red Hat Enterprise Linux 5) - Out of support scope
Package: thunderbird (Red Hat Ente
Debian
CVE-2019-11743: firefox - Navigation events were not fully adhering to the W3C's "Navigation-Timing Level ...
vendor_debian·2019·CVSS 3.7
CVE-2019-11743 [LOW] CVE-2019-11743: firefox - Navigation events were not fully adhering to the W3C's "Navigation-Timing Level ...
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Scope: local
sid: resolved (fixed in 69.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-11743 Mozilla: Cross-origin access to unload event attributes
bugzilla·2019-09-04·CVSS 3.7
CVE-2019-11743 [LOW] CVE-2019-11743 Mozilla: Cross-origin access to unload event attributes
CVE-2019-11743 Mozilla: Cross-origin access to unload event attributes
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the `unload` event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11743
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Yoav Weiss
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:2663 https://access.redhat.com/errata/RHSA-2019:2663
---
This bug is now closed. Further updates for individu
Bugzilla
Firefox 69.0 is available
bugzilla·2019-09-03·CVSS 9.8
CVE-2019-11751 [CRITICAL] Firefox 69.0 is available
Firefox 69.0 is available
Description of problem:
Firefox 69.0 is available
Version-Release number of selected component (if applicable):
69.0
Additional info:
Release Notes: https://www.mozilla.org/en-US/firefox/69.0/releasenotes/
Security Advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/
Security
- CVE-2019-11751: Malicious code execution through command line parameters
- CVE-2019-11746: Use-after-free while manipulating video
- CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
- CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
- CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
- CVE-2019-11753: Privilege escalation with Mozilla Maint
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1560495https://security.gentoo.org/glsa/201911-07https://usn.ubuntu.com/4150-1/https://w3c.github.io/navigation-timinghttps://www.mozilla.org/security/advisories/mfsa2019-25/https://www.mozilla.org/security/advisories/mfsa2019-26/https://www.mozilla.org/security/advisories/mfsa2019-27/https://www.mozilla.org/security/advisories/mfsa2019-29/https://www.mozilla.org/security/advisories/mfsa2019-30/http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1560495https://security.gentoo.org/glsa/201911-07https://usn.ubuntu.com/4150-1/https://w3c.github.io/navigation-timinghttps://www.mozilla.org/security/advisories/mfsa2019-25/https://www.mozilla.org/security/advisories/mfsa2019-26/https://www.mozilla.org/security/advisories/mfsa2019-27/https://www.mozilla.org/security/advisories/mfsa2019-29/https://www.mozilla.org/security/advisories/mfsa2019-30/
2019-09-27
Published