Main Vulnerability Database Vulnerabilities #VU20828

Information disclosure in Mozilla Firefox - CVE-2019-11749

Published: September 3, 2019

Vulnerability identifier: #VU20828

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-11749

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in WebRTC that allows malicious web content use probing techniques on the getUserMedia API with constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. A remote attacker can use such behavior to fingerprint users.

How to mitigate CVE-2019-11749

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/

Information disclosure in Mozilla Firefox - CVE-2019-11749

Detailed vulnerability description

How to mitigate CVE-2019-11749

Sources

Please verify you're human