CVE-2019-11723
First published: Tue Jul 09 2019(Updated: )
A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox Multi-Account Containers Web Extension.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <68 | 68 |
| <68 | 68 | |
| Mozilla Firefox | <68.0 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =15.1 | |
| <68 | 68 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1528335
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-28/
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html
- https://security.gentoo.org/glsa/201908-12
- https://www.mozilla.org/security/advisories/mfsa2019-21/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2019-11723?
CVE-2019-11723 refers to a vulnerability that exists during the installation of add-ons in Mozilla Firefox and Thunderbird, which could leak cookies in private browsing mode or across different containers.
Which software versions are affected by CVE-2019-11723?
Mozilla Firefox versions up to but excluding 68.0, Mozilla Thunderbird versions up to but excluding 68.0, openSUSE Leap 15.0, and openSUSE Leap 15.1 are affected by CVE-2019-11723.
What is the severity of CVE-2019-11723?
The severity of CVE-2019-11723 is rated as high with a severity value of 7.5.
How can I fix the vulnerability CVE-2019-11723?
To fix CVE-2019-11723, update your Mozilla Firefox or Thunderbird to version 68.0 or later, or update your openSUSE Leap 15.0 or 15.1 to the latest patches.
Where can I find more information about CVE-2019-11723?
You can find more information about CVE-2019-11723 on the Mozilla Bugzilla website and the Mozilla Security Advisories website.
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/description
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/trending
- vendor/mozilla
- canonical/mozilla thunderbird
- canonical/mozilla firefox
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- version/opensuse leap/15.1