ASA-2019-00445 – Mozilla Firefox: Retired site input.mozilla.org has remote troubleshooting permissions


Allele Security Alert

ASA-2019-00445

Identifier(s)

ASA-2019-00445, CVE-2019-11724, MFSA2019-21

Title

Retired site input.mozilla.org has remote troubleshooting permissions

Vendor(s)

Mozilla

Product(s)

Mozilla Firefox

Affected version(s)

Mozilla Firefox versions before 68

Fixed version(s)

Mozilla Firefox version 68

Proof of concept

Unknown

Description

Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks.

Technical details

Unknown

Credits

Frederik Braun

Reference(s)

Mozilla Foundation Security Advisory 2019-21
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11724

Remove input.mozilla.org from browser/app/permissions
https://bugzilla.mozilla.org/show_bug.cgi?id=1512511

CVE-2019-11724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11724

CVE-2019-11724
https://nvd.nist.gov/vuln/detail/CVE-2019-11724

If there is any error in this alert or you would like a comprehensive analysis, let us know.

Last modified: July 17, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.