CVE-2019-11724 — Incorrect Authorization in Mozilla Firefox

CWE-863 — Incorrect Authorization CWE-285 — Improper Authorization10 documents7 sources

Severity

6.1MEDIUMNVD

OSV9.8

EPSS

0.4%

top 38.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox Opensuse Leap

Timeline

PublishedJul 23

Latest updateMay 24

Description

Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

▶CVEListV5mozilla/firefoxunspecified — 68

▶NVDmozilla/firefox< 68.0

▶Ubuntumozilla/firefox< 68.0+build3-0ubuntu0.16.04.1+3

▶debiandebian/firefox< firefox 68.0-1 (sid)

▶NVDopensuse/leap15.0, 15.1+1

🔴Vulnerability Details

GHSA

GHSA-q64v-p3vv-m993: Application permissions give additional remote troubleshooting permission to the site input↗2022-05-24

▶

OSV

firefox regressions↗2019-07-25

▶

OSV

firefox vulnerabilities↗2019-07-12

▶

OSV

CVE-2019-11724: Application permissions give additional remote troubleshooting permission to the site input↗2019-07-11

▶

📋Vendor Advisories

Ubuntu

Firefox regressions↗2019-07-25

▶

Ubuntu

Firefox vulnerabilities↗2019-07-12

▶

Red Hat

Mozilla: Retired site input.mozilla.org has remote troubleshooting permissions↗2019-07-09

▶

Debian

CVE-2019-11724: firefox - Application permissions give additional remote troubleshooting permission to the...↗2019

▶

💬Community

Bugzilla

CVE-2019-11724 Mozilla: Retired site input.mozilla.org has remote troubleshooting permissions↗2019-07-18

▶