cbcvebase.
CVE-2019-11748
published 2019-09-27


Priority P428, medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 1.03% (59.5th percentile)

WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 69.0-1 (sid) | firefox 69.0-1 (sid) |
| debian | firefox-esr | < firefox 69.0-1 (sid) | firefox 69.0-1 (sid) |
| mozilla | firefox | < 69.0 | 69.0 |
| mozilla | firefox | >= 0 < 69.0+build2-0ubuntu0.16.04.4 | 69.0+build2-0ubuntu0.16.04.4 |
| mozilla | firefox | >= 0 < 69.0.2+build1-0ubuntu0.16.04.1 | 69.0.2+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 69.0+build2-0ubuntu0.18.04.1 | 69.0+build2-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 69.0.2+build1-0ubuntu0.18.04.1 | 69.0.2+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= unspecified < 69 | 69 |
| mozilla | firefox_esr | < 68.1.0 | 68.1.0 |
| mozilla | firefox_esr | >= unspecified < 68.1 | 68.1 |

CVSS provenance

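| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |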