Main Vulnerability Database Vulnerabilities #VU20827

#VU20827 Incorrect permission assignment for critical resource in Mozilla Firefox - CVE-2019-11748

Published: September 3, 2019

Vulnerability identifier: #VU20827

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-11748

CWE-ID: CWE-732

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to collect sensitive information.

The vulnerability exists due to the WebRTC in Firefox honors persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. A remote attacker that can create a specially crafted webpage that loads a trusted resource and trick the browser into allowing usage of microphone and camera resources.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/

#VU20827 Incorrect permission assignment for critical resource in Mozilla Firefox - CVE-2019-11748

Description

Remediation

External links

Please verify you're human