CVE-2019-11697
Last modified
CVE-2019-11697 is a vulnerability of currently unknown severity. If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. EPSS estimates a 0.85% chance of exploitation in the next 30 days.
Description
If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 67.0 |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1440079Issue Tracking, Permissions Required, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-13/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1440079Issue Tracking, Permissions Required, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-13/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-11697?
How severe is CVE-2019-11697?
How do I fix CVE-2019-11697?
Are you affected by CVE-2019-11697?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST