PT-2019-4563 · Mozilla+2 · Firefox+2

Bignis

Publicado

2019-05-21

Atualizado

2024-12-12

CVE-2019-11695

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 67

Description A custom cursor defined by scripting on a site can position itself over the address bar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface. The issue is related to an error in determining the user cursor, which can be located over the address bar.

Recommendations For versions prior to 67, update to version 67 or later to resolve the issue. As a temporary workaround, consider avoiding sites that use custom cursors or restricting the use of scripting on untrusted sites until the issue is resolved.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2019-1941

ALT-PU-2019-2324

ALT-PU-2019-2479

ALT-PU-2019-2486

BDU:2020-00609

CVE-2019-11695

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-3991-1

USN-3991-2

USN-3991-3

Produtos afetados

Alt Linux

Firefox

Ubuntu

PT-2019-4563 · Mozilla+2 · Firefox+2

CVE-2019-11695

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1899