CVE-2019-11765 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Insufficient validation
Description	Incorrect permissions could be granted to a website in Firefox before 70.0. A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1055	firefox	69.0.3-1	70.0-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
26 Oct 2019	ASA-201910-16	AVG-1055	firefox	Critical	multiple issues

References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11765 https://bugzilla.mozilla.org/show_bug.cgi?id=1562582