CVE-2019-18893
Summary
| CVE | CVE-2019-18893 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-01-13 17:15:00 UTC |
| Updated | 2020-01-22 19:47:00 UTC |
| Description | XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges and can for example access cookies and browsing history, spy on the user while they are surfing the web, and alter their surfing experience in almost arbitrary ways. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Avast | Secure Browser | 77.1.1831.91 | All | All | All |
| Application | Avast | Secure Browser | 77.1.1831.91 | All | All | All |
| Application | Avg | Secure Browser | 77.0.1790.77 | All | All | All |
| Application | Avg | Secure Browser | 77.0.1790.77 | All | All | All |
| Application | Video Downloader Project | Video Downloader | All | All | All | All |
| Application | Video Downloader Project | Video Downloader | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pwning Avast Secure Browser for fun and profit | Almost Secure | MISC | palant.de | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.