Vulnerability CVE-2019-11697: Information

Description

If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-11697

Published: July 23, 2019

Modified: July 29, 2019

Error type identifier: CWE-20

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	67.0-alt1	127.0-alt1	ALT-PU-2019-1941-1	231216	Fixed
firefox	p10	67.0-alt1	118.0.2-alt0.p10.1	ALT-PU-2019-1941-1	231216	Fixed
firefox	p9	68.0.1-alt0.p9.1	105.0.1-alt0.c9.1	ALT-PU-2019-2479-1	235125	Fixed
firefox	p8	68.0.1-alt0.M80P.1	68.0.1-alt0.M80P.1	ALT-PU-2019-2938-1	236175	Fixed
firefox	c10f1	67.0-alt1	112.0.2-alt0.p10.1	ALT-PU-2019-1941-1	231216	Fixed
firefox	c9f2	68.0.1-alt0.p9.1	105.0.1-alt0.c9.1	ALT-PU-2019-2479-1	235125	Fixed
firefox	p11	67.0-alt1	126.0.1-alt1	ALT-PU-2019-1941-1	231216	Fixed
firefox-esr	sisyphus	68.0.1-alt1	115.11.0-alt1	ALT-PU-2019-2324-1	234871	Fixed
firefox-esr	p10	68.0.1-alt1	115.11.0-alt1	ALT-PU-2019-2324-1	234871	Fixed
firefox-esr	p9	68.0.2-alt1	102.11.0-alt0.c9.1	ALT-PU-2019-2486-1	235108	Fixed
firefox-esr	p8	68.1.0-alt1.M80P.1	68.4.1-alt0.M80P.1	ALT-PU-2019-2937-1	236175	Fixed
firefox-esr	c10f1	68.0.1-alt1	115.9.1-alt0.c10.1	ALT-PU-2019-2324-1	234871	Fixed
firefox-esr	c9f2	68.0.2-alt1	102.12.0-alt0.c9.1	ALT-PU-2019-2486-1	235108	Fixed
firefox-esr	p11	68.0.1-alt1	115.11.0-alt1	ALT-PU-2019-2324-1	234871	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2019-13/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1440079	Issue Tracking Permissions Required Vendor Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  67.0

Version: v24.5.3

Vulnerability CVE-2019-11697: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1