By using a form with a data URI it was possible to gain access to the privileged `JSONView` object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11761
Acknowledgments: Name: the Mozilla project Upstream: Cody Crews
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3193 https://access.redhat.com/errata/RHSA-2019:3193
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3196 https://access.redhat.com/errata/RHSA-2019:3196
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11761
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3210 https://access.redhat.com/errata/RHSA-2019:3210
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3237 https://access.redhat.com/errata/RHSA-2019:3237
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:3281 https://access.redhat.com/errata/RHSA-2019:3281
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:3756 https://access.redhat.com/errata/RHSA-2019:3756