CVE-2019-9808

MEDIUM

Firefox < 66 - Info Disclosure

Title source: llm

Description

If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 66.

References (2)

[Issue Tracking, Permissions Required, Vendor Advisory] https://bugzilla.mozilla.org/show_bug.cgi?id=1434634

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2019-07/

Scores

CVSS v3 5.3

EPSS 0.0009

EPSS Percentile 25.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-346

Status published

Affected Products (1)

mozilla/firefox < 66.0

Timeline

Published Apr 26, 2019

Tracked Since Feb 18, 2026