CVEs-PoC/2019/CVE-2019-11743.md

CVE-2019-11743

Description

Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.

POC

Reference

• https://www.mozilla.org/security/advisories/mfsa2019-29/

Github

No PoCs found on GitHub currently.