5.3

CVE-2019-11698

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 60.7.0
MozillaFirefox Version < 67.0
MozillaThunderbird Version < 60.7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.39% 0.688
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.mozilla.org/security/advisories/mfsa2019-13/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-14/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-15/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1543191
Vendor Advisory
Issue Tracking
Permissions Required