If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11762
Acknowledgments: Name: the Mozilla project Upstream: Kris Maglione
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3193 https://access.redhat.com/errata/RHSA-2019:3193
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3196 https://access.redhat.com/errata/RHSA-2019:3196
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11762
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3210 https://access.redhat.com/errata/RHSA-2019:3210
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3237 https://access.redhat.com/errata/RHSA-2019:3237
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:3281 https://access.redhat.com/errata/RHSA-2019:3281
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:3756 https://access.redhat.com/errata/RHSA-2019:3756