Incorrect permission assignment for critical resource in Mozilla Firefox - CVE-2019-11748

 


Published: September 3, 2019


Vulnerability identifier: #VU20827
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-11748
CWE-ID: CWE-732
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to collect sensitive information.

The vulnerability exists because WebRTC in Firefox honors persisted permissions given to sites for access to microphone and camera resources even when the site is loaded in a third-party context. A remote attacker can create a specially crafted webpage that loads a trusted resource and trick the browser into allowing usage of microphone and camera resources.


How to mitigate CVE-2019-11748

Install updates from the vendor's website.
