Security Advisory

CVE-2019-11718

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-07-23 13:17:58

Last updated 2024-08-04 23:03:32

Assigner mozilla

State PUBLISHED

Description

Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox < 68.

← Browse all CVEs View on cve.org ↗