CVE-2019-11697
Description
If the ALT and a keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.203
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Mozilla Firefox (x64) 66.0.5 | Windows |
| Multiple vulnerabilities affected in Mozilla_Firefox 66.0.5 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 66.0.5 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-317793 | Mozilla Firefox (x64) (84.0.2) |
| PATCH-317792 | Mozilla Firefox (84.0.2) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234