CVE-2019-11593 : Security Advisory and Response

Learn about CVE-2019-11593, a vulnerability in Adblock Plus allowing arbitrary code execution. Find out how to mitigate the risk and secure your systems.

A vulnerability in Adblock Plus prior to version 3.5.2 allows for the execution of arbitrary code within a client-side session.

Understanding CVE-2019-11593

This CVE covers a security issue in Adblock Plus that allows unauthorized code to run during a client-side session.

What is CVE-2019-11593?

The $rewrite filter option in Adblock Plus, before version 3.5.2, permits the execution of arbitrary code within a client-side session. This occurs when a web service loads a script for execution through XMLHttpRequest or Fetch, and the script origin has an open redirect.

The Impact of CVE-2019-11593

The vulnerability lets filter-list maintainers run arbitrary code in the client-side session of a user running an affected version.

Technical Details of CVE-2019-11593

This section delves into the technical aspects of the CVE.

Vulnerability Description

The $rewrite filter option in Adblock Plus before version 3.5.2 allows filter-list maintainers to execute arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect.

Affected Systems and Versions

        Product: Adblock Plus
        Vendor: N/A
        Versions affected: Prior to 3.5.2

Exploitation Mechanism

The vulnerability is exploited when a web service loads a script for execution through XMLHttpRequest or Fetch, and the script origin has an open redirect, enabling the execution of arbitrary code.

Mitigation and Prevention

Steps to address and prevent the CVE.

Immediate Steps to Take

        Update Adblock Plus to version 3.5.2 or later to mitigate the vulnerability.
        Avoid visiting untrusted websites or clicking on suspicious links to reduce the risk of exploitation.

Long-Term Security Practices

        Regularly update software and applications to patch known vulnerabilities.
        Implement secure coding practices to prevent code injection attacks.

Patching and Updates

        Apply patches and updates provided by Adblock Plus to address the vulnerability and enhance security.
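
A defender-side check for the conditions described above, as an added example (not code from Adblock Plus or from this advisory): it compares an installed version against the 3.5.2 fix and lists the filter lines that carry a $rewrite option so they can be reviewed. The function names and the sample filter list are constructed for illustration.

```javascript
// Added example: version check and filter-list audit for CVE-2019-11593.
const FIXED_VERSION = "3.5.2"; // fixed release named in the advisory

// Compare dotted numeric versions; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// True when the installed Adblock Plus version predates the fix.
function isAffected(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Matches "$", any earlier comma-separated options, then rewrite=<value>.
const REWRITE_OPTION = /\$(?:[^,$]+,)*rewrite=([^,\s]*)/i;

// Return [{ line, filter, rewrite }] for every filter that uses $rewrite.
function auditFilterList(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const filter = raw.trim();
    // Skip blanks, comments ("!"), list headers ("[") and element-hiding rules.
    if (!filter || filter.startsWith("!") || filter.startsWith("[")) return;
    if (/#[@?$]?#/.test(filter)) return;
    const m = REWRITE_OPTION.exec(filter);
    if (m) findings.push({ line: i + 1, filter, rewrite: m[1] });
  });
  return findings;
}

// Constructed sample list (not taken from any real filter list).
const SAMPLE_LIST = [
  "[Adblock Plus 2.0]",
  "! Title: constructed sample",
  "||ads.example^$third-party",
  "||cdn.example/app.js$script,rewrite=/placeholder",
  "example.org##.banner",
  "||api.example/v1/*$xmlhttprequest,domain=site.example,rewrite=/r",
].join("\n");

console.log("3.5.1 affected:", isAffected("3.5.1"));
console.log(auditFilterList(SAMPLE_LIST));
```

Run it with Node.js and replace SAMPLE_LIST with the text of each subscribed filter list; any finding on a client still below 3.5.2 is worth reviewing before the update is rolled out.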
