PT-2019-19874 · Gnu+2 · Bash+2
Potatoe
Published: 2019-04-01 · Updated: 2024-12-12
CVE-2019-9804
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 66
Description
The issue arises when the result of the 'Copy as cURL' command in Firefox Developer Tools is pasted into a command shell on macOS, potentially leading to the execution of unintended additional bash script commands if the URL was maliciously crafted. This is due to a problem with the native version of Bash on macOS. The issue is exclusive to macOS, with other operating systems being unaffected.
Recommendations
For Firefox versions prior to 66, update to version 66 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the 'Copy as cURL' command in Firefox Developer Tools when working with potentially malicious URLs on macOS.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Bash
Firefox