Vulnerability Details : CVE-2019-11724
Potential exploit
Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68.
Products affected by CVE-2019-11724
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-11724
0.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-11724
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST | |
6.1
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST |
CWE ids for CVE-2019-11724
-
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-11724
-
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html
[security-announce] openSUSE-SU-2019:2248-1: important: Security updateMailing List;Third Party Advisory
-
https://www.mozilla.org/security/advisories/mfsa2019-21/
Security vulnerabilities fixed in Firefox 68 — MozillaVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
[security-announce] openSUSE-SU-2019:2251-1: important: Security updateMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
[security-announce] openSUSE-SU-2019:2249-1: important: Security updateMailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/201908-12
Mozilla Firefox: Multiple vulnerabilities (GLSA 201908-12) — Gentoo securityThird Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1512511
1512511 - (CVE-2019-11724) Remove input.mozilla.org from browser/app/permissionsExploit;Issue Tracking;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html
[security-announce] openSUSE-SU-2019:2260-1: important: Security updateMailing List;Third Party Advisory
Jump to