PT-2019-4563 · Mozilla+2 · Firefox+2

Bignis · Published 2019-05-21 · Updated 2024-12-12 · CVE-2019-11695

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 67

Description

A custom cursor defined by scripting on a site can position itself over the address bar to spoof the actual cursor, although it should not be allowed outside of the primary web content area. A malicious site could use this to trick users into inadvertently clicking on permission prompts, doorhanger notifications, or other buttons if the cursor location is spoofed over the user interface. The issue is related to an error in determining the user's cursor, which can be located over the address bar.

Recommendations

For versions prior to 67, update to version 67 or later to resolve the issue. As a temporary workaround, consider avoiding sites that use custom cursors or restricting the use of scripting on untrusted sites until the issue is resolved.


Weakness Enumeration

Related Identifiers

ALT-PU-2019-1941
ALT-PU-2019-2324
ALT-PU-2019-2479
ALT-PU-2019-2486
BDU:2020-00609
CVE-2019-11695
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
USN-3991-1
USN-3991-2
USN-3991-3

Affected Products

Alt Linux
Firefox
Ubuntu