CVE-2019-9794
Summary
| CVE | CVE-2019-9794 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-04-26 17:29:00 UTC |
| Updated | 2021-07-21 11:39:00 UTC |
| Description | A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Access Denied | MISC | bugzilla.mozilla.org | Issue Tracking, Permissions Required, Vendor Advisory |
| Security vulnerabilities fixed in Firefox 66 — Mozilla | MISC | www.mozilla.org | Vendor Advisory |
| Security vulnerabilities fixed in Firefox ESR 60.6 — Mozilla | MISC | www.mozilla.org | Vendor Advisory |
| Security vulnerabilities fixed in Thunderbird 60.6 — Mozilla | MISC | www.mozilla.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 296088 Oracle Solaris 11.4 Support Repository Update (SRU) 9.1.5 Missing (CPUAPR2019)
- 371855 Free Berkeley Software Distribution (FreeBSD) Security Update for mozilla Multiple Vulnerabilities (05da6b56-3e66-4306-9ea3-89fafe939726)
- 500915 Alpine Linux Security Update for firefox-esr
- 504780 Alpine Linux Security Update for firefox-esr