If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 66.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1434634 | Issue Tracking Permissions Required Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2019-07/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2019-04-26T16:10:38
Updated: 2019-04-26T16:10:38
Reserved: 2019-03-14T00:00:00
Link: CVE-2019-9808
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-04-26T17:29:03.807
Modified: 2019-04-29T19:13:55.913
Link: CVE-2019-9808
JSON object: View
Redhat Information
No data.
CWE