User:Isuri Sewwandi

CVE-2019-11697

CVE stands for Common Vulnerabilities and Exposures. It is a program launched in 1999 by MITRE, a non-profit that operates research and development centers sponsored by the federal government, to identify and catalog vulnerabilities in software or firmware. Its main purpose is to standardize the way each known vulnerability or exposure is identified. Standard IDs allow security administrators to access technical information about a specific threat across multiple CVE-compatible information sources.

According to the CVE site, a vulnerability is a mistake in software code that provides an attacker with direct access to a system or network. It could allow an attacker to pose as a super-user or system administrator with full access privileges. An exposure in computer security is a mistake that gives an attacker indirect access to a system or network. It could allow an attacker to gather customer information that could be sold.

ID: CVE-2019-11697

If the ALT and ‘a’ keys are pressed when a user receives an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This attack could pose a serious security threat. This signature detects attempts to bypass certain security restrictions to perform unauthorized actions, crash the application, execute arbitrary code or obtain sensitive information.

Affected Application
- Mozilla Firefox versions prior to 67
- Mozilla Firefox ESR versions prior to 60.7

Mozilla Firefox: 60.0, 60.0.1, 60.0.2, 60.1.0, 60.2.0, 60.2.1, 60.2.2, 60.3.0, 60.4.0, 60.5.0, 60.5.1, 60.5.2, 60.6.0, 60.6.1, 60.6.2, 60.6.3, 60.7.0, 61.0, 61.0.1, 61.0.2, 62.0, 62.0.1, 62.0.2, 62.0.3, 63.0, 63.0.1, 63.0.3, 64.0, 64.0.1, 64.0.2, 65.0, 65.0.1, 65.0.2, 66.0, 66.0.1, 66.0.2, 66.0.3, 66.0.4, 66.0.5

Mozilla Firefox could allow a remote malicious user to conduct spoofing attacks, caused by an error when pressing key combinations. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass installation prompt delays and spoof the Web page.

Ubuntu Security Notice USN-3991-1/2/3 fixed vulnerabilities in Firefox. Attackers can exploit these issues to bypass certain security restrictions to perform unauthorized actions, crash the application, execute arbitrary code or obtain sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. For example, depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Mozilla Firefox is prone to the following security vulnerabilities:

1. A denial-of-service vulnerability
2. An address-bar spoofing vulnerability
3. Multiple security-bypass vulnerabilities
4. Multiple security vulnerabilities
5. An arbitrary file-access vulnerability

These issues are fixed in the following:

Firefox 67

Systems affected by the CVE-2019-11697 vulnerability:
• Mozilla Firefox versions prior to 67
• Mozilla Firefox ESR versions prior to 60.7

The risk to the following parties is:

Government:
• Large and medium government entities: HIGH
• Small government entities: MEDIUM

Businesses:
• Large and medium business entities: HIGH
• Small business entities: MEDIUM

Home Users: Low

Multiple vulnerabilities have been discovered in Mozilla Firefox, the most severe of which could allow for arbitrary code execution. The details of the CVE-2019-11697 vulnerability are as follows. If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension.
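A check an administrator could run over a software inventory, using the fixed versions stated above (Firefox 67 and Firefox ESR 60.7). This is an added example, not part of the original page and not Mozilla's code; the banner format (a version string with an `esr` suffix on ESR builds) and the host names are assumptions, and the sample inventory is constructed.

```python
import re

# Fixed versions as stated on this page.
FIXED_RELEASE = (67,)    # Firefox 67
FIXED_ESR = (60, 7)      # Firefox ESR 60.7

# Assumed banner format: "Mozilla Firefox 66.0.5" or "Mozilla Firefox 60.6.3esr".
_BANNER = re.compile(r"Firefox\s+(\d+(?:\.\d+)*)(esr)?\b", re.IGNORECASE)


def parse_banner(banner):
    """Return (version_tuple, is_esr), or None when no version is present."""
    m = _BANNER.search(banner)
    if m is None:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2) is not None


def is_affected(banner):
    """True/False for a parsed banner; None when it needs manual review."""
    parsed = parse_banner(banner)
    if parsed is None:
        return None
    version, is_esr = parsed
    fixed = FIXED_ESR if is_esr else FIXED_RELEASE
    # Pad both tuples so that (67,) and (67, 0) compare as equal.
    width = max(len(version), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(version) < pad(fixed)


def triage(inventory):
    """Map each host to 'affected', 'fixed' or 'unknown'."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    return {host: labels[is_affected(banner)] for host, banner in inventory}


# Constructed sample inventory (hypothetical hosts).
SAMPLE = [
    ("ws-01", "Mozilla Firefox 66.0.5"),
    ("ws-02", "Mozilla Firefox 67.0"),
    ("ws-03", "Mozilla Firefox 60.6.3esr"),
    ("ws-04", "Mozilla Firefox 60.7.0esr"),
    ("ws-05", "firefox: command not found"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```

Hosts reported as `unknown` returned no parseable version and need a manual look rather than being assumed fixed.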