CVE-2019-9808

Source
Severity Low
Remote Yes
Type Content spoofing
Description
If WebRTC permission is requested from documents with data: or blob: URLs in Firefox before 66.0, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission.
Group Package Affected Fixed Severity Status Ticket
AVG-925 firefox 65.0.2-1 66.0-1 Critical Fixed
Date Advisory Group Package Severity Description
22 Mar 2019 ASA-201903-11 AVG-925 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9808
https://bugzilla.mozilla.org/show_bug.cgi?id=1434634