CVE-2019-11725

critical

Published — · Modified —

CVSS v3

—

CVSS v2

—

VIR risk

9.5

Description

When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox < 68.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2019-11725

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-201907-4

OS impact

OS	Version	Status	Fixed in
arch		fixed	`68.0-1`
debian	sid	fixed	`68.0-1`

References

https://security.archlinux.org/ASA-201907-4
https://security-tracker.debian.org/tracker/CVE-2019-11725

Verify integrity in audit chain (admin only). AS-IS.