CVE-2019-9808 — Origin Validation Error in Mozilla Firefox

CWE-346 — Origin Validation Error12 documents5 sources

Severity

5.3MEDIUMNVD

OSV9.8

EPSS

0.1%

top 74.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedApr 26

Latest updateMay 24

Description

If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 66.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶debiandebian/firefox< firefox 66.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 66

▶NVDmozilla/firefox< 66.0

▶Ubuntumozilla/firefox< 66.0.2+build1-0ubuntu0.14.04.1+8

🔴Vulnerability Details

GHSA

GHSA-m543-phjx-rgwv: If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain↗2022-05-24

▶

OSV

firefox regressions↗2019-04-16

▶

OSV

firefox regression↗2019-03-28

▶

OSV

firefox vulnerabilities↗2019-03-25

▶

OSV

firefox vulnerabilities↗2019-03-21

▶

📋Vendor Advisories

Ubuntu

Firefox regressions↗2019-04-16

▶

Ubuntu

Firefox regression↗2019-03-28

▶

Ubuntu

Firefox vulnerabilities↗2019-03-25

▶

Ubuntu

Firefox vulnerabilities↗2019-03-21

▶

Debian

CVE-2019-9808: firefox - If WebRTC permission is requested from documents with data: or blob: URLs, the p...↗2019

▶