CVE-2019-11748 - log back

CVE-2019-11748 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ WebRTC in Firefox before 69.0 will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11748
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1564588
Notes