Vulnerability Description
A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 70.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1562582Permissions Required
- https://www.mozilla.org/security/advisories/mfsa2019-34/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1562582Permissions Required
- https://www.mozilla.org/security/advisories/mfsa2019-34/Vendor Advisory
FAQ
What is CVE-2019-11765?
CVE-2019-11765 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process,...
How severe is CVE-2019-11765?
CVE-2019-11765 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11765?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.