CVE-2019-11730
First published: Tue Jul 09 2019(Updated: )
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. Luigi Gubello demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <68 | 68 |
| <68 | 68 | |
| <60.8 | 60.8 | |
| <60.8 | 60.8 | |
| Mozilla Firefox | <68.0 | |
| Mozilla Firefox ESR | <60.8 | |
| Mozilla Thunderbird | <60.8 | |
| Debian Debian Linux | =8.0 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =15.1 | |
| Suse Package Hub | ||
| SUSE Linux Enterprise | =12.0 | |
| <68 | 68 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1558299
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-28/
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html
- https://security.gentoo.org/glsa/201908-12
- https://security.gentoo.org/glsa/201908-20
- https://www.mozilla.org/security/advisories/mfsa2019-21/
- https://www.mozilla.org/security/advisories/mfsa2019-22/
- https://www.mozilla.org/security/advisories/mfsa2019-23/
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2019-11730?
CVE-2019-11730 is a vulnerability that allows locally saved HTML files to access other files in the same directory or sub-directories.
Which software are affected by CVE-2019-11730?
Mozilla Thunderbird versions up to 60.8, Mozilla Thunderbird versions up to 68, Mozilla Firefox versions up to 68, Mozilla Firefox ESR versions up to 60.8, and Debian Linux, openSUSE Leap, Suse Package Hub are affected by CVE-2019-11730.
How can I exploit CVE-2019-11730?
To exploit CVE-2019-11730, an attacker would need to trick a user into opening a locally saved HTML file.
What is the severity of CVE-2019-11730?
CVE-2019-11730 has a severity rating of medium (6.5).
How can I mitigate CVE-2019-11730?
To mitigate CVE-2019-11730, update to Mozilla Thunderbird 60.8 or later, Mozilla Thunderbird 68 or later, or Mozilla Firefox 68 or later.
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/tags
- agent/software-canonical-lookup-request
- vendor/mozilla
- canonical/mozilla firefox
- canonical/mozilla firefox esr
- canonical/mozilla thunderbird
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- version/opensuse leap/15.1
- vendor/suse
- canonical/suse package hub
- canonical/suse linux enterprise
- version/suse linux enterprise/12.0