#VU20827 Incorrect permission assignment for critical resource in Mozilla Firefox - CVE-2019-11748
Published: September 3, 2019
Vulnerability identifier: #VU20827
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-11748
CWE-ID: CWE-732
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mozilla Firefox
Mozilla Firefox
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote attacker to collect sensitive information.
The vulnerability exists due to the WebRTC in Firefox honors persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. A remote attacker that can create a specially crafted webpage that loads a trusted resource and trick the browser into allowing usage of microphone and camera resources.
Remediation
Install updates from vendor's website.