PT-2019-19873 · Mozilla+3 · Firefox Esr+5

Daniel Veditz

·

Publicado

2019-03-19

·

Atualizado

2024-12-12

·

CVE-2019-9801

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 66 Firefox ESR versions prior to 60.6 Thunderbird versions prior to 60.6
Description The issue affects Firefox on Windows operating systems, where it accepts any registered Program ID as an external protocol handler, offering to launch local applications when given a matching URL. This should only occur if the program has registered itself as a "URL Handler" in the Windows registry. The issue is specific to Windows operating systems, with other operating systems being unaffected.
Recommendations For Firefox versions prior to 66, update to version 66 or later to resolve the issue. For Firefox ESR versions prior to 60.6, update to version 60.6 or later to resolve the issue. For Thunderbird versions prior to 60.6, update to version 60.6 or later to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2019-1486
ALT-PU-2019-1561
CVE-2019-9801
MGASA-2019-0129
OPENSUSE-SU-2019:1126-1
OPENSUSE-SU-2019:1162-1
OPENSUSE-SU-2019_1162-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2019:0852-1
SUSE-SU-2019:0853-1
SUSE-SU-2019:0871-1

Produtos afetados

Alt Linux
Firefox
Firefox Esr
Suse
Thunderbird
Windows