CVE-2019-11725
First published: Tue Jul 09 2019(Updated: )
When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <68 | 68 |
| <68 | 68 | |
| Mozilla Firefox | <68.0 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =15.1 | |
| <68 | 68 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1483510
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-28/
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html
- https://security.gentoo.org/glsa/201908-12
- https://www.mozilla.org/security/advisories/mfsa2019-21/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2019-11725?
The severity of CVE-2019-11725 is medium.
Which software products are affected by CVE-2019-11725?
Mozilla Thunderbird, Mozilla Firefox, openSUSE Leap 15.0, and openSUSE Leap 15.1 are affected by CVE-2019-11725.
How does CVE-2019-11725 impact web browsing?
CVE-2019-11725 allows the loading of unsafe resources and bypassing of Safebrowsing protections when a user navigates to a site marked as unsafe.
How can I fix CVE-2019-11725?
Update Mozilla Thunderbird and Mozilla Firefox to version 68.0 or later, or update openSUSE Leap to a version higher than 15.1.
Where can I find more information about CVE-2019-11725?
You can find more information about CVE-2019-11725 at the following references: [1] [2] [3].
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/event
- agent/description
- agent/author
- agent/references
- agent/severity
- agent/software-canonical-lookup-request
- agent/tags
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla thunderbird
- canonical/mozilla firefox
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- version/opensuse leap/15.1