SB2019102426 - Permissions, Privileges, and Access Controls in firefox (Alpine package)




Published: October 24, 2019

Security Bulletin ID: SB2019102426
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-11765)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to the way Firefox handles messages to the parent process that trigger the 'Click to Play' permission prompt. A remote attacker can create a specially crafted web page and, if the user accepts the permission request, have arbitrary permissions assigned instead of the 'Click to Play' permission.



Remediation

Install the update from the vendor's website.