#12548 closed enhancement (fixed)

firefox-69.0.1

Reported by: Douglas R. Reno
Owned by: ken@…
Priority: normal
Milestone: 9.1
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version

Change History (2)

comment:1 by ken@…, 23 months ago

Owner: changed from blfs-book to ken@…
Status: new → assigned

Fixed external programs launching in the background when clicking a link from inside Firefox to launch them (bug 1570845)

Usability improvements to the Add-ons Manager for users with screen readers (bug 1567600)

Fixed the Captive Portal notification bar not being dismissable in some situations after login is complete (bug 1578633)

Fixed the maximum size of fonts in Reader Mode when zoomed (bug 1578454)

Fixed missing stacks in the Developer Tools Performance section (bug 1578354)

Security Fix:

CVE-2019-11754: Pointer Lock is enabled with no user notification

Reporter

Johann Hofmann

Impact

moderate

Description

When the pointer lock is enabled by a website through requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users.

References

Bug 1580506

As you would expect, that bug is not currently available to normal users and the CVE is not yet detailed.

From https://www.cybersecurity-help.cz/vdb/SB2019091810?affChecked=1: The vulnerability allows a remote attacker to perform spoofing attacks. Apparently applies to all versions from 66.0.2.

comment:2 by ken@…, 23 months ago

Resolution: fixed
Status: assigned → closed