CVE-2019-11728: Medium severity firefox vulnerability

Q: What is CVE-2019-11728?

CVE-2019-11728 is a vulnerability that allows a malicious site to scan all TCP ports of any host accessible to a user when web content is loaded.

Q: Which software versions are affected by CVE-2019-11728?

Firefox versions prior to 68 are affected by CVE-2019-11728.

Q: How does CVE-2019-11728 affect Thunderbird?

Thunderbird versions prior to 68 are affected by CVE-2019-11728.

Q: What is the severity of CVE-2019-11728?

The severity of CVE-2019-11728 is medium with a CVSS score of 4.7.

Q: How to fix CVE-2019-11728?

To fix CVE-2019-11728, it is recommended to update Firefox or Thunderbird to version 68 or later.

Published Jul 9, 2019

Updated

The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded.

Affected Software

5 affected componentsFixes available

Mozilla Firefox<68.0

openSUSE Leap=15.0

openSUSE Leap=15.1

Mozilla Thunderbird<68

Mozilla Firefox<68

Event History

Jul 9, 2019

CVE Published

12:00 AM

Jul 23, 2019

CVE Published

via MITRE·01:16 PM

Data Sourced

via MITRE·01:16 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2019-11728?

CVE-2019-11728 is a vulnerability that allows a malicious site to scan all TCP ports of any host accessible to a user when web content is loaded.

Which software versions are affected by CVE-2019-11728?

Firefox versions prior to 68 are affected by CVE-2019-11728.

How does CVE-2019-11728 affect Thunderbird?