Vulnerability Description
A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface. This vulnerability affects Firefox < 67.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 67.0 |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1445844ExploitIssue TrackingVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-13/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1445844ExploitIssue TrackingVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-13/Vendor Advisory
FAQ
What is CVE-2019-11695?
CVE-2019-11695 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be u...
How severe is CVE-2019-11695?
CVE-2019-11695 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11695?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.