What is CVE-2019-11762?

CVE-2019-11762 is a vulnerability in Mozilla's Firefox and Thunderbird that allows two same-origin documents to call arbitrary DOM methods/getters/setters on a cross-origin window.

What is the severity of CVE-2019-11762?

CVE-2019-11762 has a severity rating of medium with a CVSS score of 6.1.

Which software is affected by CVE-2019-11762?

Firefox versions 68.2.0-4.el6_10, 68.2.0-1.el7_7, 68.2.0-2.el8_0, and Thunderbird versions 68.2.0-2.el6_10, 68.2.0-1.el7_7, 68.2.0-1.el8_0 are affected by CVE-2019-11762.

How can CVE-2019-11762 be remediated?

To remediate CVE-2019-11762, users should update their Firefox or Thunderbird software to versions 68.2.0 or later.

Where can I find more information about CVE-2019-11762?

Additional information about CVE-2019-11762 can be found in the following references: Mozilla Bugzilla - https://bugzilla.mozilla.org/show_bug.cgi?id=1582857, Mozilla MFSA2019-33 - https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/, Mozilla MFSA2019-35 - https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/

Vulnerability/
CVE-2019-11762

medium

6.1

CWE

346 829

22/10/2019

1/2/2023

CVE-2019-11762

First published: Tue Oct 22 2019(Updated: )

A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This could cause an interaction between two different sites on two different windows running under the same application.

Credit: security@mozilla.org security@mozilla.org

Affected Software	Affected Version	How to fix
redhat/firefox	<0:68.2.0-4.el6_10	0:68.2.0-4.el6_10
redhat/thunderbird	<0:68.2.0-2.el6_10	0:68.2.0-2.el6_10
redhat/firefox	<0:68.2.0-1.el7_7	0:68.2.0-1.el7_7
redhat/thunderbird	<0:68.2.0-1.el7_7	0:68.2.0-1.el7_7
redhat/firefox	<0:68.2.0-2.el8_0	0:68.2.0-2.el8_0
redhat/thunderbird	<0:68.2.0-1.el8_0	0:68.2.0-1.el8_0
redhat/firefox	<68.2	68.2
redhat/thunderbird	<68.2	68.2
Mozilla Thunderbird	<68.2	68.2
Mozilla Firefox ESR	<68.2	68.2
Mozilla Firefox	<70	70
Mozilla Firefox	<70.0
Mozilla Firefox ESR	<68.2
Mozilla Thunderbird	<68.2
Canonical Ubuntu Linux	=16.04
ubuntu/firefox	<70.0+	70.0+
ubuntu/firefox	<70.0+	70.0+
ubuntu/firefox	<70.0+	70.0+
ubuntu/firefox	<70.0+	70.0+
ubuntu/firefox	<70.0+	70.0+
ubuntu/firefox	<70.0+	70.0+
ubuntu/firefox	<70.0+	70.0+
ubuntu/firefox	<70.0+	70.0+
ubuntu/firefox	<70.0+	70.0+
ubuntu/firefox	<70.0+	70.0+
ubuntu/firefox	<70.0+	70.0+
ubuntu/firefox	<70.0+	70.0+
ubuntu/firefox	<70.0	70.0
ubuntu/firefox	<70.0+	70.0+
ubuntu/thunderbird	<1:68.2.1+	1:68.2.1+
ubuntu/thunderbird	<1:68.2.1+	1:68.2.1+
ubuntu/thunderbird	<1:68.2.0+	1:68.2.0+
ubuntu/thunderbird	<1:68.2.0+	1:68.2.0+
ubuntu/thunderbird	<1:68.2.0+	1:68.2.0+
ubuntu/thunderbird	<1:68.2.0+	1:68.2.0+
ubuntu/thunderbird	<1:68.2.0+	1:68.2.0+
ubuntu/thunderbird	<1:68.2.0+	1:68.2.0+
ubuntu/thunderbird	<1:68.2.0+	1:68.2.0+
ubuntu/thunderbird	<1:68.2.0+	1:68.2.0+
ubuntu/thunderbird	<1:68.2.0+	1:68.2.0+
ubuntu/thunderbird	<68.2	68.2
ubuntu/thunderbird	<1:68.7.0+	1:68.7.0+
debian/firefox		125.0.3-1
debian/firefox-esr		91.12.0esr-1~deb10u1 115.10.0esr-1~deb10u1 115.7.0esr-1~deb11u1 115.10.0esr-1~deb11u1 115.7.0esr-1~deb12u1 115.10.0esr-1~deb12u1 115.10.0esr-1
debian/thunderbird		1:91.12.0-1~deb10u1 1:115.10.1-1~deb10u1 1:115.7.0-1~deb11u1 1:115.10.1-1~deb11u1 1:115.7.0-1~deb12u1 1:115.10.1-1~deb12u1 1:115.10.1-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2019-11762?
CVE-2019-11762 is a vulnerability in Mozilla's Firefox and Thunderbird that allows two same-origin documents to call arbitrary DOM methods/getters/setters on a cross-origin window.
What is the severity of CVE-2019-11762?
CVE-2019-11762 has a severity rating of medium with a CVSS score of 6.1.
Which software is affected by CVE-2019-11762?
Firefox versions 68.2.0-4.el6_10, 68.2.0-1.el7_7, 68.2.0-2.el8_0, and Thunderbird versions 68.2.0-2.el6_10, 68.2.0-1.el7_7, 68.2.0-1.el8_0 are affected by CVE-2019-11762.
How can CVE-2019-11762 be remediated?
To remediate CVE-2019-11762, users should update their Firefox or Thunderbird software to versions 68.2.0 or later.
Where can I find more information about CVE-2019-11762?
Additional information about CVE-2019-11762 can be found in the following references: Mozilla Bugzilla - https://bugzilla.mozilla.org/show_bug.cgi?id=1582857, Mozilla MFSA2019-33 - https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/, Mozilla MFSA2019-35 - https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/

collector/redhat-cve
agent/type
agent/last-modified-date
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-11762
agent/software-canonical-lookup
collector/mozilla-advisory
source/Mozilla
agent/description
agent/weakness
agent/severity
agent/software-canonical-lookup-request
agent/references
collector/nvd-cve
source/NVD
collector/nvd-index
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
package-manager/redhat
vendor/mozilla
canonical/mozilla thunderbird
canonical/mozilla firefox esr
canonical/mozilla firefox
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/16.04
package-manager/debian
package-manager/ubuntu