If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 66.
References
| Link | Resource |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1434634 | Issue Tracking Permissions Required Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2019-07/ | Vendor Advisory |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1434634 | Issue Tracking Permissions Required Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2019-07/ | Vendor Advisory |
Configurations
History
21 Nov 2024, 04:52
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://bugzilla.mozilla.org/show_bug.cgi?id=1434634 - Issue Tracking, Permissions Required, Vendor Advisory | |
| References | () https://www.mozilla.org/security/advisories/mfsa2019-07/ - Vendor Advisory |
Information
Published : 2019-04-26 17:29
Updated : 2024-11-21 04:52
NVD link : CVE-2019-9808
Mitre link : CVE-2019-9808
CVE.ORG link : CVE-2019-9808
JSON object : View
Products Affected
mozilla
- firefox
CWE
CWE-346
Origin Validation Error