logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2019-11697

Description

If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67. #### Notes Author| Note ---|--- [tyhicks](<https://launchpad.net/~tyhicks>) | mozjs contains a copy of the SpiderMonkey JavaScript engine


Affected Package


OS OS Version Package Name Package Version
ubuntu 18.10 firefox 67.0+build2-0ubuntu0.18.10.1
ubuntu 19.04 firefox 67.0+build2-0ubuntu0.19.04.1
ubuntu 19.10 firefox 67.0+build2-0ubuntu1
ubuntu 20.04 firefox 67.0+build2-0ubuntu1
ubuntu 20.10 firefox 67.0+build2-0ubuntu1
ubuntu 21.04 firefox 67.0+build2-0ubuntu1
ubuntu 21.10 firefox 67.0+build2-0ubuntu1
ubuntu 22.04 firefox 67.0+build2-0ubuntu1
ubuntu upstream firefox 67.0+build2-0ubuntu1
ubuntu upstream firefox 67.0
ubuntu 16.04 firefox 67.0+build2-0ubuntu0.16.04.1
ubuntu upstream mozjs38 any
ubuntu 20.04 mozjs52 any
ubuntu upstream mozjs52 any
ubuntu upstream mozjs60 any

Related