When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85.
Weakness
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 85.0 (excluding) |
| Firefox | Ubuntu | bionic | * |
| Firefox | Ubuntu | devel | * |
| Firefox | Ubuntu | focal | * |
| Firefox | Ubuntu | groovy | * |
| Firefox | Ubuntu | hirsute | * |
| Firefox | Ubuntu | impish | * |
| Firefox | Ubuntu | jammy | * |
| Firefox | Ubuntu | kinetic | * |
| Firefox | Ubuntu | lunar | * |
| Firefox | Ubuntu | mantic | * |
| Firefox | Ubuntu | noble | * |
| Firefox | Ubuntu | trusty | * |
| Firefox | Ubuntu | upstream | * |
| Firefox | Ubuntu | xenial | * |
| Mozjs38 | Ubuntu | bionic | * |
| Mozjs38 | Ubuntu | esm-apps/bionic | * |
| Mozjs38 | Ubuntu | upstream | * |
| Mozjs52 | Ubuntu | bionic | * |
| Mozjs52 | Ubuntu | esm-apps/focal | * |
| Mozjs52 | Ubuntu | esm-infra/bionic | * |
| Mozjs52 | Ubuntu | focal | * |
| Mozjs52 | Ubuntu | groovy | * |
| Mozjs52 | Ubuntu | upstream | * |
| Mozjs60 | Ubuntu | upstream | * |
| Mozjs68 | Ubuntu | esm-infra/focal | * |
| Mozjs68 | Ubuntu | focal | * |
| Mozjs68 | Ubuntu | groovy | * |
| Mozjs68 | Ubuntu | upstream | * |
| Mozjs78 | Ubuntu | esm-apps/jammy | * |
| Mozjs78 | Ubuntu | groovy | * |
| Mozjs78 | Ubuntu | hirsute | * |
| Mozjs78 | Ubuntu | impish | * |
| Mozjs78 | Ubuntu | jammy | * |
| Mozjs78 | Ubuntu | kinetic | * |
| Mozjs78 | Ubuntu | lunar | * |
| Mozjs78 | Ubuntu | upstream | * |