CVE-2019-11695 Information
Feb 14, 2021
cve
Description
A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts doorhanger notifications or other buttons inadvertently if the location is spoofed over the user interface. This vulnerability affects Firefox 67.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Reference
https://bugzilla.mozilla.org/show_bug.cgi?id=1445844 https://www.mozilla.org/security/advisories/mfsa2019-13/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
LOW
Base Score
NONE
Base Severity
4.3
Share on: