Vulnerability CVE-2019-11730


Published: 2019-07-23

Description:
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Type:

CWE-200

(Information Exposure)

Vendor: Mozilla
Product: Thunderbird 
Version:
9.0.1
9.0
8.0
7.0.1
7.0
60.7.1
60.7.0
60.6.1
60.6.0
60.5.1
60.5.0
60.4.0
60.3.3
60.3.2
60.3.1
60.3.0
60.2.1
60.0
6.0.2
6.0.1
6.0
59.0
58.0
57.0
56.0
55.0
54.0
See more versions on NVD
Product: Firefox 
Version:
9.0.1
9.0
8.0.1
8.0
7.0.1
7.0
67.0.2
66.0.3
66.0.2
66.0.1
66.0
65.0
64.0.2
64.0
63.0.3
63.0.1
63.0
62.0.3
62.0.2
62.0
61.0.2
61.0.1
61.0
60.7.3
60.6.1
60.5.0
60.4.0
60.3.0
60.2.2
60.2.1
60.2.0
60.1.0
60.0.2
60.0.1
60.0
6.0.2
6.0.1
6.0
59.0.3
59.0.2
59.0.1
59.0
58.0.2
58.0.1
58.0
57.0.4
57.0.3
57.0.2
57.0.1
57.0
56.0.2
56.0.1
56.0
55.0.3
55.0.2
55.0.1
55.0
54.0.1
See more versions on NVD
Product: Firefox esr 
Version:
60.7.1
60.7.0
60.6.1
60.6.0
60.5.0
60.4.0
60.3.0
60.2.2
60.2.0
60.1.0
60.0
See more versions on NVD
Vendor: Debian
Product: Debian linux 
Version: 8.0;

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1558299
https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html
https://security.gentoo.org/glsa/201908-12
https://security.gentoo.org/glsa/201908-20
https://www.mozilla.org/security/advisories/mfsa2019-21/
https://www.mozilla.org/security/advisories/mfsa2019-22/
https://www.mozilla.org/security/advisories/mfsa2019-23/

Related CVE
CVE-2019-15846
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
CVE-2019-15892
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a...
CVE-2019-10197
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared ...
CVE-2015-9383
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.
CVE-2015-9382
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.
CVE-2015-9381
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.
CVE-2019-14970
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
CVE-2019-14778
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.

Copyright 2019, cxsecurity.com

 

Back to Top