Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-11765

Опубликовано: 08 янв. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 6.5

Описание

A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70.

РелизСтатусПримечание
bionic

released

70.0+build2-0ubuntu0.18.04.1
devel

released

70.0+build2-0ubuntu1
disco

released

70.0+build2-0ubuntu0.19.04.1
eoan

released

70.0+build2-0ubuntu0.19.10.1
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

released

70.0+build2-0ubuntu1
groovy

released

70.0+build2-0ubuntu1
hirsute

released

70.0+build2-0ubuntu1
impish

released

70.0+build2-0ubuntu1

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

ignored

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-apps/focal

ignored

esm-infra-legacy/trusty

DNE

esm-infra/bionic

ignored

focal

ignored

groovy

ignored

end of life
hirsute

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 54%
0.00309
Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2019-11765

CVSS3: 6.5
nvd
около 6 лет назад

A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70.

debian логотип

CVE-2019-11765

CVSS3: 6.5
debian
около 6 лет назад

A compromised content process could send a message to the parent proce ...

github логотип

GHSA-54vc-64p7-55q5

github
больше 3 лет назад

A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70.

fstec логотип

BDU:2020-01660

CVSS3: 6.5
fstec
больше 6 лет назад

Уязвимость запроса Click to Play веб-браузера Firefox, позволяющая нарушителю оказать воздействие на целостность данных

EPSS

Процентиль: 54%
0.00309
Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3