Security Advisory

CVE-2019-11716

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-07-23 13:18:19
Last updated 2024-08-04 23:03:32
Assigner mozilla
State PUBLISHED

Description

Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy sandboxing that depends on enumerating and freezing access to the window object may miss this property, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68.
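
The following added example (not part of the advisory and not Mozilla's code) models the behaviour described above and shows why an enumeration-only lockdown misses the property, next to a lockdown that fails closed. The `makeLazyGlobal` stand-in, the function names and the `GLOBAL_ALIASES` list are assumptions made for illustration; it runs against a constructed object, not a real browser window.

```javascript
// Constructed stand-in for a window whose `globalThis` property only comes
// into existence when script first reads it (the behaviour described above).
function makeLazyGlobal() {
  const target = { fetch() {}, open() {}, document: {} };
  let resolved = false;
  const proxy = new Proxy(target, {
    get(t, key, receiver) {
      if (key === "globalThis" && !resolved) {
        resolved = true;
        Object.defineProperty(t, key, {
          value: proxy, writable: true, configurable: true, enumerable: false,
        });
      }
      return Reflect.get(t, key, receiver);
    },
  });
  return proxy;
}

// Enumeration-only lockdown: neutralise every own property not on the allowlist.
function lockdownByEnumeration(win, allowed) {
  const locked = [];
  for (const name of Object.getOwnPropertyNames(win)) {
    if (allowed.has(name)) continue;
    Object.defineProperty(win, name, {
      value: undefined, writable: false, configurable: false,
    });
    locked.push(name);
  }
  return locked;
}

// Hypothetical hardening: read known self-reference names first so lazily
// created properties exist, lock down, then fail closed if any still resolves.
const GLOBAL_ALIASES = ["globalThis", "self", "frames"];
function lockdownHardened(win, allowed) {
  for (const name of GLOBAL_ALIASES) void win[name];
  const locked = lockdownByEnumeration(win, allowed);
  const leaks = GLOBAL_ALIASES.filter((n) => !allowed.has(n) && win[n] !== undefined);
  if (leaks.length) throw new Error("global still reachable via: " + leaks.join(", "));
  return locked;
}

// True when the global object is still reachable through `globalThis`.
const leaksGlobal = (win) => win.globalThis === win;
```

The fail-closed check after lockdown is the part that carries over to real sandboxes: it verifies the outcome instead of trusting that enumeration saw every property.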