CVE-2019-11751

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/09/2019
Last modified:
24/08/2020

Description

Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* 69.0 (excluding)
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* 68.1.0 (excluding)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*