6.5

CVE-2019-11725

EPSS 0.25%
Published 23.07.2019 14:15:16
Last modified 21.11.2024 04:21:40
Source security@mozilla.org
Teams watchlist Login
Open Login

When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox < 68.

Affected products Warnungen 0 Metrics 3 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 68.0

Opensuse ≫ Leap Version15.0

Opensuse ≫ Leap Version15.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.477

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

https://security.gentoo.org/glsa/201908-12

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html

Third Party Advisory

Mailing List

https://www.mozilla.org/security/advisories/mfsa2019-21/

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html

Third Party Advisory

Mailing List

https://bugzilla.mozilla.org/show_bug.cgi?id=1483510

Vendor Advisory

Issue Tracking

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2019-11725

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11725

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11725

EUVD