Bugzilla – Bug 1149286
VUL-0: CVE-2019-11751: MozillaFirefox: Malicious code execution through command line parameters
Last modified: 2019-10-03 00:31:57 UTC
CVE-2019-11751: Malicious code execution through command line parameters
Reporter: Ping Fan (Zetta) Ke of VXRL working with iDefense Labs
Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder.
** Note: this issue only affects Firefox on Windows operating systems. **