Allele Security Alert
ASA-2019-00446
Identifier(s)
ASA-2019-00446, CVE-2019-11725, MFSA2019-21
Title
Websocket resources bypass safebrowsing protections
Vendor(s)
Mozilla Foundation
Product(s)
Mozilla Firefox
Affected version(s)
Mozilla Firefox versions before 68
Fixed version(s)
Mozilla Firefox version 68
Proof of concept
Unknown
Description
When a user navigates to a site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted, but resources from the same site loaded through websockets are not blocked. As a result, unsafe resources are loaded and safebrowsing protections are bypassed.
Technical details
Unknown
Credits
Andrey
Reference(s)
Mozilla Foundation Security Advisory 2019-21
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11725
Bug 1483510
https://bugzilla.mozilla.org/show_bug.cgi?id=1483510
CVE-2019-11725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11725
CVE-2019-11725
https://nvd.nist.gov/vuln/detail/CVE-2019-11725
If there is any error in this alert or you would like a comprehensive analysis, let us know.
Last modified: July 18, 2019