Vulnerability Description
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 69.0 |
| Mozilla | Firefox Esr | < 68.1.0 |
References
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=1565374Issue TrackingPermissions RequiredVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-25/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-26/Vendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=1565374Issue TrackingPermissions RequiredVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-25/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-26/Vendor Advisory
FAQ
What is CVE-2019-11749?
CVE-2019-11749 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggerin...
How severe is CVE-2019-11749?
CVE-2019-11749 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11749?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Firefox Esr.