CVE-2019-11716: Input Validation

Q: What is the severity of CVE-2019-11716?

The severity of CVE-2019-11716 is high, with a severity value of 8.3.

Q: Which software is affected by CVE-2019-11716?

CVE-2019-11716 affects Mozilla Thunderbird 68, Mozilla Firefox 68, and Mozilla Firefox 68.0.

Q: How can I fix CVE-2019-11716?

To fix CVE-2019-11716, update Mozilla Thunderbird to version 68 or later, or update Mozilla Firefox to version 68.0 or later.

Q: What is the CWE of CVE-2019-11716?

The CWE of CVE-2019-11716 is CWE-20.

Q: Where can I find more information about CVE-2019-11716?

More information about CVE-2019-11716 can be found in the following references: [link1], [link2], [link3].

Published Jul 9, 2019

Updated

Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed.

Affected Software

3 affected componentsFixes available

Mozilla Thunderbird<68

Mozilla Firefox<68

Mozilla Firefox<68.0

Event History

Jul 9, 2019

CVE Published

12:00 AM

Jul 23, 2019

CVE Published

via MITRE·01:18 PM

Data Sourced

via MITRE·01:18 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2019-11716?

The severity of CVE-2019-11716 is high, with a severity value of 8.3.

Which software is affected by CVE-2019-11716?

CVE-2019-11716 affects Mozilla Thunderbird 68, Mozilla Firefox 68, and Mozilla Firefox 68.0.

How can I fix CVE-2019-11716?