cbcvebase.
CVE-2019-11765
published 2020-01-08

CVE-2019-11765: A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to…

PriorityP429medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
EPSS
0.84%
53.5th percentile
A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 70.0-1 (sid)firefox 70.0-1 (sid)
mozillafirefox< 70.070.0
mozillafirefox
mozillafirefox>= 0 < 70.0+build2-0ubuntu0.16.04.170.0+build2-0ubuntu0.16.04.1
mozillafirefox>= 0 < 70.0+build2-0ubuntu0.18.04.170.0+build2-0ubuntu0.18.04.1
mozillafirefox>= 0 < 70.0+build2-0ubuntu170.0+build2-0ubuntu1

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv6.5MEDIUM
vendor_debian6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.