CVE-2019-11765
Last modified
CVE-2019-11765 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. EPSS estimates a 0.84% chance of exploitation in the next 30 days.
Description
A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 70.0 |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1562582Permissions Required
- https://www.mozilla.org/security/advisories/mfsa2019-34/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1562582Permissions Required
- https://www.mozilla.org/security/advisories/mfsa2019-34/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-11765?
How severe is CVE-2019-11765?
How do I fix CVE-2019-11765?
Are you affected by CVE-2019-11765?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST