CVE-2019-11749Sensitive Information Exposure in Mozilla Firefox

CWE-200Sensitive Information Exposure11 documents7 sources
Severity
4.3MEDIUMNVD
OSV9.8
EPSS
0.4%
top 41.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Firefox ESRDebian Firefox+1 more
Timeline
PublishedSep 27
Latest updateMay 24

Description

A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages7 packages

debiandebian/firefox< firefox 69.0-1 (sid)
CVEListV5mozilla/firefoxunspecified69
NVDmozilla/firefox< 69.0
debiandebian/firefox-esr< firefox 69.0-1 (sid)
CVEListV5mozilla/firefox_esrunspecified68.1

🔴Vulnerability Details

4
GHSA
GHSA-4v6f-vqcf-8j87: A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device pro2022-05-24
OSV
firefox regression2019-10-08
OSV
CVE-2019-11749: A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device pro2019-09-27
OSV
firefox vulnerabilities2019-09-04

📋Vendor Advisories

4
Ubuntu
Firefox regression2019-10-08
Ubuntu
Firefox vulnerabilities2019-09-04
Red Hat
Mozilla: Camera information available without prompting using getUserMedia2019-09-03
Debian
CVE-2019-11749: firefox - A vulnerability exists in WebRTC where malicious web content can use probing tec...2019

💬Community

2
Bugzilla
CVE-2019-11749 Mozilla: Camera information available without prompting using getUserMedia2019-09-04
Bugzilla
Firefox 69.0 is available2019-09-03