Main Vulnerability Database Vulnerabilities #VU22169

#VU22169 Permissions, Privileges, and Access Controls in Mozilla Firefox - CVE-2019-11765

Published: October 23, 2019

Vulnerability identifier: #VU22169

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-11765

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to the way Firefox handles messages to the parent process that trigger the 'Click to Play' permission prompt to be shown. A remote attacker can create a specially crafted web page and assign arbitrary permissions instead of 'Click to Play' permission, if the user accepted the permission request.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/

#VU22169 Permissions, Privileges, and Access Controls in Mozilla Firefox - CVE-2019-11765

Description

Remediation

External links

Please verify you're human