Published: 27/09/2019 Updated: 24/08/2020

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. <br>*Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox_esr
mozilla firefox

Mozilla Foundation Security Advisory 2019-26 Security vulnerabilities fixed in Firefox ESR 681 Announced September 3, 2019 Impact critical Products Firefox ESR Fixed in Firefox ESR 681 ...

Mozilla Foundation Security Advisory 2019-25 Security vulnerabilities fixed in Firefox 69 Announced September 3, 2019 Impact critical Products Firefox Fixed in Firefox 69 ...

CWE-88 https://bugzilla.mozilla.org/show_bug.cgi?id=1572838 https://www.mozilla.org/security/advisories/mfsa2019-25/https://www.mozilla.org/security/advisories/mfsa2019-26/http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-11751

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect