CVE-2019-11715: XSS
First published: Tue Jul 09 2019(Updated: )
Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <68 | 68 |
| <68 | 68 | |
| <60.8 | 60.8 | |
| <60.8 | 60.8 | |
| Mozilla Firefox | <68.0 | |
| Mozilla Firefox ESR | <60.8.0 | |
| Mozilla Thunderbird | <60.8.0 | |
| <68 | 68 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1555523
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-28/
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html
- https://security.gentoo.org/glsa/201908-12
- https://security.gentoo.org/glsa/201908-20
- https://www.mozilla.org/security/advisories/mfsa2019-21/
- https://www.mozilla.org/security/advisories/mfsa2019-22/
- https://www.mozilla.org/security/advisories/mfsa2019-23/
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-11715.
Which software versions are affected by this vulnerability?
This vulnerability affects Firefox ESR versions prior to 60.8, Firefox versions prior to 68, and Thunderbird versions prior to 60.8.
What is the severity of CVE-2019-11715?
CVE-2019-11715 has a severity score of 6.1 (medium severity).
How can this vulnerability be exploited?
This vulnerability can be exploited by misinterpreting properly sanitized user input, leading to XSS hazards on certain websites.
How do I fix CVE-2019-11715?
To fix CVE-2019-11715, you should update Firefox ESR to version 60.8 or later, Firefox to version 68 or later, or Thunderbird to version 60.8 or later.
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/description
- agent/author
- agent/references
- agent/severity
- agent/software-canonical-lookup-request
- agent/weakness
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/trending
- vendor/mozilla
- canonical/mozilla thunderbird
- canonical/mozilla firefox esr
- canonical/mozilla firefox