{"api_version":"1","generated_at":"2026-04-23T04:20:54+00:00","cve":"CVE-2019-11697","urls":{"html":"https://cve.report/CVE-2019-11697","api":"https://cve.report/api/cve/CVE-2019-11697.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-11697","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-11697"},"summary":{"title":"CVE-2019-11697","description":"If the ALT and \"a\" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2019-07-23 14:15:00","updated_at":"2019-07-29 13:51:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2019-13/","name":"https://www.mozilla.org/security/advisories/mfsa2019-13/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security vulnerabilities fixed in Firefox 67 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1440079","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1440079","refsource":"MISC","tags":["Issue Tracking","Permissions Required","Vendor Advisory"],"title":"1440079 - (CVE-2019-11697) Tricking user into accepting PopupNotification prompts through holding down accessKey","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-11697","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11697","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"11697","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11697","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-11697","qid":"371854","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for mozilla Multiple Vulnerabilities (44b6dfbf-4ef7-4d52-ad52-2b1b05d81272)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-11697","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Firefox","version":{"version_data":[{"version_value":"67","version_affected":"<"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Pressing key combinations can bypass installation prompt delays and install extensions"}]}]},"references":{"reference_data":[{"url":"https://www.mozilla.org/security/advisories/mfsa2019-13/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2019-13/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1440079","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1440079"}]},"description":{"description_data":[{"lang":"eng","value":"If the ALT and \"a\" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67."}]}},"nvd":{"publishedDate":"2019-07-23 14:15:00","lastModifiedDate":"2019-07-29 13:51:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"67.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"11697","Ordinal":"150019","Title":"CVE-2019-11697","CVE":"CVE-2019-11697","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"11697","Ordinal":"1","NoteData":"If the ALT and \"a\" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"11697","Ordinal":"2","NoteData":"2019-07-23","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"11697","Ordinal":"3","NoteData":"2019-07-23","Type":"Other","Title":"Modified"}]}}}