Opened 5 years ago
Closed 5 years ago
#12548 closed enhancement (fixed)
firefox-69.0.1
| Reported by: | Douglas R. Reno | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | 9.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version
Note:
See TracTickets
for help on using tickets.
Fixed external programs launching in the background when clicking a link from inside Firefox to launch them (bug 1570845)
Usability improvements to the Add-ons Manager for users with screen readers (bug 1567600)
Fixed the Captive Portal notification bar not being dismissable in some situations after login is complete (bug 1578633)
Fixed the maximum size of fonts in Reader Mode when zoomed (bug 1578454)
Fixed missing stacks in the Developer Tools Performance section (bug 1578354)
Security Fix:
CVE-2019-11754: Pointer Lock is enabled with no user notification
Reporter
Impact
Description
When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. References
As you would expect, that bug is not currently available to normal users and the CVE is not yet detailed. From https://www.cybersecurity-help.cz/vdb/SB2019091810?affChecked=1 The vulnerability allows a remote attacker to perform spoofing attacks. Apparently applies to all versions from 66.0.2.