CVE-2019-11741
MEDIUMFirefox < 69.0 - Universal Cross-Site Scripting via Sandboxed Content Process
Title source: llmDescription
A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user's Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process. This vulnerability affects Firefox < 69.
References (2)
Core 2
Core References
Issue Tracking, Permissions Required, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1539595
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2019-25/
Scores
CVSS v3
6.1
EPSS
0.0024
EPSS Percentile
47.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
mozilla/firefox
< 69.0
Published
Sep 27, 2019
Tracked Since
Feb 18, 2026