1. Home
  2. Vulnerabilities
  3. CVE-2019-11711

CVE-2019-11711

CVSS v3.1 8.8 (High)
88% Progress
CVSS v2.0 6.8 (Medium)
68% Progress
EPSS 0.43 % (75th)
0.43% Progress
Affected Products 4
Advisories 40
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2019-07-23 14:15:15
(5 years ago)
Updated Date
2023-03-01 16:39:52
(18 months ago)

Affected Products

Debian

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox prior 68.0 version cpe:2.3:a:mozilla:firefox < 68.0
  Mozilla Firefox Esr prior 60.8.0 version cpe:2.3:a:mozilla:firefox_esr < 60.8.0
  Mozilla Thunderbird prior 60.8.0 version cpe:2.3:a:mozilla:thunderbird < 60.8.0

Configuration #2

    CPE23 From Up To
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0