CVE-2019-11765

2019-10-2300:00:00

ubuntu.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

34.9%

JSON

A compromised content process could send a message to the parent process
that would cause the ‘Click to Play’ permission prompt to be shown.
However, due to lack of validation from the parent process, if the user
accepted the permission request an attacker-controlled permission would be
granted rather than the ‘Click to Play’ permission. This vulnerability
affects Firefox < 70.

Notes

Author	Note
tyhicks	mozjs contains a copy of the SpiderMonkey JavaScript engine

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchfirefox< 70.0+build2-0ubuntu0.18.04.1UNKNOWN
ubuntu19.04noarchfirefox< 70.0+build2-0ubuntu0.19.04.1UNKNOWN
ubuntu19.10noarchfirefox< 70.0+build2-0ubuntu0.19.10.1UNKNOWN
ubuntu20.04noarchfirefox< 70.0+build2-0ubuntu1UNKNOWN
ubuntu20.10noarchfirefox< 70.0+build2-0ubuntu1UNKNOWN
ubuntu21.04noarchfirefox< 70.0+build2-0ubuntu1UNKNOWN
ubuntu21.10noarchfirefox< 70.0+build2-0ubuntu1UNKNOWN
ubuntu22.04noarchfirefox< 70.0+build2-0ubuntu1UNKNOWN
ubuntu22.10noarchfirefox< 70.0+build2-0ubuntu1UNKNOWN
ubuntu23.04noarchfirefox< 70.0+build2-0ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	firefox	< 70.0+build2-0ubuntu0.18.04.1	UNKNOWN
ubuntu	19.04	noarch	firefox	< 70.0+build2-0ubuntu0.19.04.1	UNKNOWN
ubuntu	19.10	noarch	firefox	< 70.0+build2-0ubuntu0.19.10.1	UNKNOWN
ubuntu	20.04	noarch	firefox	< 70.0+build2-0ubuntu1	UNKNOWN
ubuntu	20.10	noarch	firefox	< 70.0+build2-0ubuntu1	UNKNOWN
ubuntu	21.04	noarch	firefox	< 70.0+build2-0ubuntu1	UNKNOWN
ubuntu	21.10	noarch	firefox	< 70.0+build2-0ubuntu1	UNKNOWN
ubuntu	22.04	noarch	firefox	< 70.0+build2-0ubuntu1	UNKNOWN
ubuntu	22.10	noarch	firefox	< 70.0+build2-0ubuntu1	UNKNOWN
ubuntu	23.04	noarch	firefox	< 70.0+build2-0ubuntu1	UNKNOWN