CVE-2019-11697
Summary
| CVE | CVE-2019-11697 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-07-23 14:15:00 UTC |
| Updated | 2019-07-29 13:51:00 UTC |
| Description | If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security vulnerabilities fixed in Firefox 67 — Mozilla | MISC | www.mozilla.org | Vendor Advisory |
| 1440079 - (CVE-2019-11697) Tricking user into accepting PopupNotification prompts through holding down accessKey | MISC | bugzilla.mozilla.org | Issue Tracking, Permissions Required, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 371854 Free Berkeley Software Distribution (FreeBSD) Security Update for mozilla Multiple Vulnerabilities (44b6dfbf-4ef7-4d52-ad52-2b1b05d81272)