CVE-2019-11696
Summary
| CVE | CVE-2019-11696 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-07-23 14:15:00 UTC |
| Updated | 2019-07-28 23:49:00 UTC |
| Description | Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability affects Firefox < 67. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security vulnerabilities fixed in Firefox 67 — Mozilla | MISC | www.mozilla.org | Vendor Advisory |
| 1392955 - (CVE-2019-11696) JNLP should be treated as executable | MISC | bugzilla.mozilla.org | Exploit, Issue Tracking, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 371854 Free Berkeley Software Distribution (FreeBSD) Security Update for mozilla Multiple Vulnerabilities (44b6dfbf-4ef7-4d52-ad52-2b1b05d81272)