CVE-2019-9808 : Security Advisory and Response

WebRTC permission requests in Firefox versions prior to 66 can lead to incorrect display of originating domains, causing confusion for users.

Understanding CVE-2019-9808

This CVE involves a security flaw in Firefox related to WebRTC permission notifications.

What is CVE-2019-9808?

The vulnerability arises from how WebRTC permission is obtained from documents using data: or blob: URLs in Firefox versions before 66.
It results in permission notifications displaying "Unknown origin" instead of the actual requestee, leading to user confusion.

The Impact of CVE-2019-9808

Users may struggle to identify the website requesting permission due to the incorrect display of the originating domain.

Technical Details of CVE-2019-9808

This section delves into the specific technical aspects of the CVE.

Vulnerability Description

WebRTC permissions requested from data: or blob: URLs in Firefox < 66 do not accurately show the originating domain in permission notifications.

Affected Systems and Versions

Product: Firefox
Vendor: Mozilla
Versions Affected: < 66

Exploitation Mechanism

Exploiting this vulnerability involves requesting WebRTC permission from documents using data: or blob: URLs.

Mitigation and Prevention

Protecting systems from the CVE and implementing preventive measures are crucial.

Immediate Steps to Take

Update Firefox to version 66 or above to mitigate the vulnerability.
Exercise caution when granting permissions to websites using data: or blob: URLs.

Long-Term Security Practices

Regularly update browsers and software to the latest versions to address security vulnerabilities.
Educate users on safe browsing practices and permissions management.

Patching and Updates

Stay informed about security advisories and patches released by Mozilla to address vulnerabilities like CVE-2019-9808.