CVE-2019-11765 log

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
Incorrect permissions could be granted to a website in Firefox before 70.0. A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission.
Group Package Affected Fixed Severity Status Ticket
AVG-1055 firefox 69.0.3-1 70.0-1 Critical Fixed
Date Advisory Group Package Severity Type
26 Oct 2019 ASA-201910-16 AVG-1055 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11765
https://bugzilla.mozilla.org/show_bug.cgi?id=1562582