4.3
CVSSv2

CVE-2019-11749

Published: 27/09/2019 Updated: 05/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Mozilla Firefox could allow a remote malicious user to obtain sensitive information. By using probing techniques on the getUserMedia API using constraints, a remote attacker could exploit this vulnerability to obtain device properties of cameras on the system without triggering a user prompt or notification.

Vulnerability Trend

Affected Products

Vendor Product Versions
MozillaFirefox-, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.6.1, 0.7, 0.7.1, 0.8, 0.9, 0.9.1, 0.9.2, 0.9.3, 0.10, 0.10.1, 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.4.1, 1.5, 1.5.0.1, 1.5.0.2, 1.5.0.3, 1.5.0.4, 1.5.0.5, 1.5.0.6, 1.5.0.7, 1.5.0.8, 1.5.0.9, 1.5.0.10, 1.5.0.11, 1.5.0.12, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.8, 2.0, 2.0.0.1, 2.0.0.2, 2.0.0.3, 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.0.7, 2.0.0.8, 2.0.0.9, 2.0.0.10, 2.0.0.11, 2.0.0.12, 2.0.0.13, 2.0.0.14, 2.0.0.15, 2.0.0.16, 2.0.0.17, 2.0.0.18, 2.0.0.19, 2.0.0.20, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.5, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.5.9, 3.5.10, 3.5.11, 3.5.12, 3.5.13, 3.5.14, 3.5.15, 3.5.16, 3.5.17, 3.5.18, 3.5.19, 3.6, 3.6.2, 3.6.3, 3.6.4, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.6.10, 3.6.11, 3.6.12, 3.6.13, 3.6.14, 3.6.15, 3.6.16, 3.6.17, 3.6.18, 3.6.19, 3.6.20, 3.6.21, 3.6.22, 3.6.23, 3.6.24, 3.6.25, 3.6.26, 3.6.27, 3.6.28, 4.0, 4.0.1, 5.0, 5.0.1, 6.0, 6.0.1, 6.0.2, 7.0, 7.0.1, 8.0, 8.0.1, 9.0, 9.0.1, 10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.0.11, 10.0.12, 11.0, 12.0, 13.0, 13.0.1, 14.0, 14.0.1, 15.0, 15.0.1, 16.0, 16.0.1, 16.0.2, 17.0, 17.0.1, 17.0.2, 17.0.3, 17.0.4, 17.0.5, 17.0.6, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 18.0, 18.0.1, 18.0.2, 19.0, 19.0.1, 19.0.2, 20.0, 20.0.1, 21.0, 22.0, 23.0, 23.0.1, 24.0, 24.1, 24.1.0, 24.1.1, 24.2.0, 24.3.0, 24.4.0, 24.5.0, 24.6.0, 24.7.0, 24.8.0, 24.8.1, 25.0, 25.0.1, 26.0, 27.0, 27.0.1, 28.0, 29.0, 29.0.1, 30.0, 31.0, 31.1.0, 31.1.1, 31.2.0, 31.3.0, 31.4.0, 31.5.0, 31.5.2, 31.5.3, 31.6.0, 31.7.0, 31.8.0, 32.0, 32.0.1, 32.0.2, 32.0.3, 33.0, 33.0.1, 33.0.2, 33.0.3, 33.1, 33.1.1, 34.0, 34.0.5, 35.0, 35.0.1, 36.0, 36.0.1, 36.0.3, 36.0.4, 37.0, 37.0.1, 37.0.2, 38.0, 38.0.1, 38.0.5, 38.1.0, 38.1.1, 38.2.0, 38.2.1, 38.3.0, 38.4.0, 38.5.0, 38.5.1, 38.5.2, 38.6.0, 38.6.1, 38.7.0, 38.7.1, 38.8.0, 39.0, 39.0.3, 40.0, 40.0.2, 40.0.3, 41.0, 41.0.1, 41.0.2, 42.0, 43.0, 43.0.1, 43.0.2, 43.0.3, 43.0.4, 44.0, 44.0.1, 44.0.2, 45.0, 45.0.1, 45.0.2, 45.1.1, 45.2.0, 45.3.0, 45.4.0, 45.5.0, 45.5.1, 45.6.0, 45.7.0, 45.8.0, 45.9.0, 46.0, 46.0.1, 47.0, 47.0.1, 47.0.2, 48.0, 48.0.1, 48.0.2, 49.0, 49.0.1, 49.0.2, 50, 50.0, 50.0.1, 50.0.2, 50.1.0, 51.0, 51.0.1, 51.0.3, 52.0, 52.0.1, 52.0.2, 52.1.0, 52.1.1, 52.1.2, 52.2.0, 52.2.1, 52.3.0, 52.4.0, 52.4.1, 52.5.0, 52.5.2, 52.5.3, 52.6.0, 52.7.0, 52.7.1, 52.7.2, 52.7.3, 52.7.4, 52.8.0, 52.8.1, 52.9.0, 53.0, 53.0.2, 53.0.3, 54.0, 54.0.1, 55.0, 55.0.1, 55.0.2, 55.0.3, 56.0, 56.0.1, 56.0.2, 57.0, 57.0.1, 57.0.2, 57.0.3, 57.0.4, 58, 58.0, 58.0.1, 58.0.2, 59, 59.0, 59.0.1, 59.0.2, 59.0.3, 60, 60.0, 60.0.1, 60.0.2, 60.1.0, 60.2.0, 60.2.1, 60.2.2, 60.3.0, 60.4.0, 60.5.0, 60.6.1, 60.7.3, 61.0, 61.0.1, 61.0.2, 62.0, 62.0.2, 62.0.3, 63.0, 63.0.1, 63.0.3, 64.0, 64.0.2, 65.0, 66.0, 66.0.1, 66.0.2, 66.0.3, 67.0.2, 68.0, 68.0.1, 68.0.2, 68.1.0
MozillaFirefox Esr10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.0.11, 10.0.12, 17.0, 17.0.1, 17.0.2, 17.0.3, 17.0.4, 17.0.5, 17.0.6, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 24.0, 24.0.1, 24.0.2, 24.1.0, 24.1.1, 24.2, 24.3, 24.4, 24.5, 24.6, 24.7, 24.8, 31.0, 31.1, 31.1.0, 31.1.1, 31.2, 31.3, 31.3.0, 31.4, 31.5, 31.5.1, 31.5.2, 31.5.3, 31.6, 31.7, 31.8, 38.0, 38.0.1, 38.0.5, 38.1.0, 38.1.1, 38.2.0, 38.2.1, 38.3.0, 38.4.0, 38.5.0, 38.5.1, 38.5.2, 38.6.0, 38.6.1, 38.7.0, 38.7.1, 38.8.0, 45.0, 45.0.1, 45.0.2, 45.1.0, 45.1.1, 45.2.0, 45.3.0, 45.4.0, 45.5.0, 45.5.1, 45.6.0, 45.7.0, 45.8.0, 45.9.0, 52.0, 52.1.0, 52.1.1, 52.1.2, 52.2.0, 52.2.1, 52.3.0, 52.4.0, 52.4.1, 52.5.0, 52.5.2, 52.5.3, 52.6.0, 52.7.0, 52.7.1, 52.7.2, 52.7.3, 52.7.4, 52.8.0, 52.8.1, 52.9.0, 53.0.0, 60.0, 60.1.0, 60.2.0, 60.2.2, 60.3.0, 60.4.0, 60.5.0, 60.6.0, 60.6.1, 60.7.0, 60.7.1

Vendor Advisories

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
A vulnerability exists in the WebRTC component of Firefox before 690 where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification This allows for the potential fingerprinting of users ...
USN-4122-1 caused a regression in Firefox ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Arch Linux Security Advisory ASA-201909-2 ========================================= Severity: High Date : 2019-09-04 CVE-ID : CVE-2019-5849 CVE-2019-9812 CVE-2019-11734 CVE-2019-11735 CVE-2019-11737 CVE-2019-11738 CVE-2019-11740 CVE-2019-11741 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019- ...
Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2019-11738, CVE-ID: CVE-2019-11746, CVE-2019-11735, CVE-2019-11748, CVE-2019-11752, CVE-2019-11747, CVE-2019-11747, CVE-2019-9812, CVE-2019-11744, CVE-2019-11743, CVE-2019-11740, CVE-2019-11749, CVE-2019-11750 ...