First Last Prev Next    This bug is not in your last search results.
Bug 1149286 - (CVE-2019-11751) VUL-0: CVE-2019-11751: MozillaFirefox: Malicious code execution through command line parameters
(CVE-2019-11751)
VUL-0: CVE-2019-11751: MozillaFirefox: Malicious code execution through comma...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Windows
: P5 - None : Major
: ---
Assigned To: Charles Robertson
Security Team bot
https://smash.suse.de/issue/241694/
CVSSv2:NVD:CVE-2019-11751:6.8:(AV:N/...
:
Depends on: 1149323 1149324
Blocks:
  Show dependency treegraph
 
Reported: 2019-09-04 06:48 UTC by Alexander Bergmann
Modified: 2019-10-03 00:31 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2019-09-04 06:48:21 UTC 
CVE-2019-11751: Malicious code execution through command line parameters

Reporter   Ping Fan (Zetta) Ke of VXRL working with iDefense Labs
Impact     critical

Description
Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. 

** Note: this issue only affects Firefox on Windows operating systems. **

References:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11751
https://bugzilla.mozilla.org/show_bug.cgi?id=1572838
https://bugzilla.redhat.com/show_bug.cgi?id=1748668
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11751
Comment 1 Andreas Stieger 2019-09-04 14:46:26 UTC 
Not affected.
First Last Prev Next    This bug is not in your last search results.