Permissions, Privileges, and Access Controls in Mozilla Firefox - CVE-2019-11737

 


Published: September 3, 2019


Vulnerability identifier: #VU20831
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-11737
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass CSP.

The vulnerability exists due to incorrect implementation of a Content Security Policy (CSP) directive when a wildcard ('*') is specified for the host. A remote attacker can bypass CSP restrictions and gain unauthorized access to the application.

Impact from this issue depends on the web application architecture and may result in information disclosure.
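
To check whether a site's own policy uses the pattern described above, the following added example (not part of the original advisory and not Mozilla's code) parses a Content-Security-Policy header and lists every source expression whose host is the bare wildcard '*', noting whether the entry also carries a port or path. The sample policy and all function names are constructed for illustration.

```javascript
// Added example: audit a CSP header for host-sources whose host is the bare wildcard "*".
// SAMPLE_POLICY is a constructed policy, not taken from any real site.
const SAMPLE_POLICY =
  "default-src 'self'; script-src https://*:8443/static/ https://cdn.example.com; " +
  "img-src *; connect-src *:443 https://*.example.org/api/; frame-src 'none'";

// host-source = [scheme "://"] host [":" port] [path]   (CSP grammar)
const HOST_SOURCE = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?(\/.*)?$/i;

// Split a policy into a Map of directive name -> list of source expressions.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; keep the first occurrence.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return one finding per source expression whose host part is exactly "*".
function findWildcardHostSources(header) {
  const findings = [];
  for (const [directive, sources] of parseCsp(header)) {
    for (const source of sources) {
      if (source.startsWith("'")) continue;               // keywords, nonces, hashes
      if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) continue; // scheme-source such as "https:"
      const m = HOST_SOURCE.exec(source);
      if (!m || m[2] !== "*") continue;                   // "*.example.org" is not a bare wildcard
      findings.push({
        directive,
        source,
        scheme: m[1] || null,
        port: m[3] || null,
        path: m[4] || null,
        // A port or path is a restriction the site relies on the browser to enforce.
        restricted: Boolean(m[3] || m[4]),
      });
    }
  }
  return findings;
}

console.log(findWildcardHostSources(SAMPLE_POLICY));
```

Entries reported with `restricted: true` are the ones to review first: replacing the wildcard with explicit hosts removes the dependency on how the browser handles this pattern.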


How to mitigate CVE-2019-11737

Install updates from the vendor's website.
