CVE: CVE-2019-11751

Descrizione: Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows ‘Startup’ folder.
*Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.

Vettore di attacco

Riferimenti esterni

• https://bugzilla.mozilla.org/show_bug.cgi?id=1572838
• https://www.mozilla.org/security/advisories/mfsa2019-25/
• https://www.mozilla.org/security/advisories/mfsa2019-26/
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html

Prodotti interessati

• Mozilla – Firefox
• Mozilla – Firefox ESR

Relazioni con altri prodotti

Produttore:Mozilla
Prodotto: Firefox
Anno: 2019
CWE:
CVSS: 0.0

Produttore:Mozilla
Prodotto: Firefox ESR
Anno: 2019
CWE:
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2019)