CVE-2019-11697
N/A
N/A
Summary
If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 67 | affected |
Weaknesses
- Pressing key combinations can bypass installation prompt delays and install extensions
ADP Enrichment
CVE Program Container
Additional References
- https://www.mozilla.org/security/advisories/mfsa2019-13/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1440079
References
- https://www.mozilla.org/security/advisories/mfsa2019-13/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1440079
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.