6.5

CVE-2019-11725

EPSS 0.25%
Veröffentlicht 23.07.2019 14:15:16
Zuletzt bearbeitet 21.11.2024 04:21:40
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox < 68.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 68.0

Opensuse ≫ Leap Version15.0

Opensuse ≫ Leap Version15.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.477

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

https://security.gentoo.org/glsa/201908-12

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html

Third Party Advisory

Mailing List

https://www.mozilla.org/security/advisories/mfsa2019-21/

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html

Third Party Advisory

Mailing List

https://bugzilla.mozilla.org/show_bug.cgi?id=1483510

Vendor Advisory

Issue Tracking

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2019-11725

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11725

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11725

EUVD