CVE-2019-11725
MEDIUMFirefox < 68.0 - Safebrowsing Protection Bypass via WebSocket Resource Loading
Title source: llmDescription
When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox < 68.
References (7)
Core 7
Core References
Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2019-21/
Issue Tracking, Permissions Required, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1483510
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201908-12
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html
Scores
CVSS v3
6.5
EPSS
0.0023
EPSS Percentile
45.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (3)
mozilla/firefox
< 68.0
opensuse/leap
15.0
opensuse/leap
15.1
Published
Jul 23, 2019
Tracked Since
Feb 18, 2026