VulnerableCode Vulnerability Details

Search for vulnerabilities

System	Score	Found at
cvssv3	5.4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11761.json
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2019-11761
cvssv2	5.8	https://nvd.nist.gov/vuln/detail/CVE-2019-11761
cvssv3.1	5.4	https://nvd.nist.gov/vuln/detail/CVE-2019-11761
archlinux	Critical	https://security.archlinux.org/AVG-1054
archlinux	Critical	https://security.archlinux.org/AVG-1055
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2019-33
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2019-34
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2019-35

System

Score

Found at

cvssv3

5.4

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11761.json

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

epss

0.00473

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

cvssv2

5.8

https://nvd.nist.gov/vuln/detail/CVE-2019-11761

cvssv3.1

5.4

https://nvd.nist.gov/vuln/detail/CVE-2019-11761

archlinux

Critical

https://security.archlinux.org/AVG-1054

archlinux

Critical

https://security.archlinux.org/AVG-1055

generic_textual

critical

https://www.mozilla.org/en-US/security/advisories/mfsa2019-33

generic_textual

critical

https://www.mozilla.org/en-US/security/advisories/mfsa2019-34

generic_textual

critical

https://www.mozilla.org/en-US/security/advisories/mfsa2019-35

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11761.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-11761
		https://bugzilla.mozilla.org/show_bug.cgi?id=1561502
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
		https://security.gentoo.org/glsa/202003-10
		https://www.mozilla.org/security/advisories/mfsa2019-33/
		https://www.mozilla.org/security/advisories/mfsa2019-35/
1764442		https://bugzilla.redhat.com/show_bug.cgi?id=1764442
ASA-201910-15		https://security.archlinux.org/ASA-201910-15
ASA-201910-16		https://security.archlinux.org/ASA-201910-16
AVG-1054		https://security.archlinux.org/AVG-1054
AVG-1055		https://security.archlinux.org/AVG-1055
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
CVE-2019-11761		https://nvd.nist.gov/vuln/detail/CVE-2019-11761
mfsa2019-33		https://www.mozilla.org/en-US/security/advisories/mfsa2019-33
mfsa2019-34		https://www.mozilla.org/en-US/security/advisories/mfsa2019-34
mfsa2019-35		https://www.mozilla.org/en-US/security/advisories/mfsa2019-35
RHSA-2019:3193		https://access.redhat.com/errata/RHSA-2019:3193
RHSA-2019:3196		https://access.redhat.com/errata/RHSA-2019:3196
RHSA-2019:3210		https://access.redhat.com/errata/RHSA-2019:3210
RHSA-2019:3237		https://access.redhat.com/errata/RHSA-2019:3237
RHSA-2019:3281		https://access.redhat.com/errata/RHSA-2019:3281
RHSA-2019:3756		https://access.redhat.com/errata/RHSA-2019:3756
USN-4165-1		https://usn.ubuntu.com/4165-1/
USN-4202-1		https://usn.ubuntu.com/4202-1/
USN-4335-1		https://usn.ubuntu.com/4335-1/

Reference id

Reference type

URL

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11761.json

https://api.first.org/data/v1/epss?cve=CVE-2019-11761

https://bugzilla.mozilla.org/show_bug.cgi?id=1561502

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903

https://security.gentoo.org/glsa/202003-10

https://www.mozilla.org/security/advisories/mfsa2019-33/

https://www.mozilla.org/security/advisories/mfsa2019-35/

1764442

https://bugzilla.redhat.com/show_bug.cgi?id=1764442

ASA-201910-15

https://security.archlinux.org/ASA-201910-15

ASA-201910-16

https://security.archlinux.org/ASA-201910-16

AVG-1054

https://security.archlinux.org/AVG-1054

AVG-1055

https://security.archlinux.org/AVG-1055

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

CVE-2019-11761

https://nvd.nist.gov/vuln/detail/CVE-2019-11761

mfsa2019-33

https://www.mozilla.org/en-US/security/advisories/mfsa2019-33

mfsa2019-34

https://www.mozilla.org/en-US/security/advisories/mfsa2019-34

mfsa2019-35

https://www.mozilla.org/en-US/security/advisories/mfsa2019-35

RHSA-2019:3193

https://access.redhat.com/errata/RHSA-2019:3193

RHSA-2019:3196

https://access.redhat.com/errata/RHSA-2019:3196

RHSA-2019:3210

https://access.redhat.com/errata/RHSA-2019:3210

RHSA-2019:3237

https://access.redhat.com/errata/RHSA-2019:3237

RHSA-2019:3281

https://access.redhat.com/errata/RHSA-2019:3281

RHSA-2019:3756

https://access.redhat.com/errata/RHSA-2019:3756

USN-4165-1

https://usn.ubuntu.com/4165-1/

USN-4202-1

https://usn.ubuntu.com/4202-1/

USN-4335-1

https://usn.ubuntu.com/4335-1/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:57.525133+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2019/mfsa2019-33.yml	37.0.0

2025-07-31T08:09:57.525133+00:00

Mozilla Importer

Import

https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2019/mfsa2019-33.yml

37.0.0

Vulnerability ID	VCID-8tzv-gj9z-fkev
Aliases	CVE-2019-11761
Summary	By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

CWE-362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-862	Missing Authorization
CWE-749	Exposed Dangerous Method or Function

Percentile	0.63704
EPSS Score	0.00473
Published At	July 30, 2025, 12:55 p.m.