PT-2019-19873 · Mozilla+3 · Firefox Esr+5

Daniel Veditz

Published

2019-03-19

Updated

2024-12-12

CVE-2019-9801

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 66 Firefox ESR versions prior to 60.6 Thunderbird versions prior to 60.6

Description The issue affects Firefox on Windows operating systems, where it accepts any registered Program ID as an external protocol handler, offering to launch local applications when given a matching URL. This should only occur if the program has registered itself as a "URL Handler" in the Windows registry. The issue is specific to Windows operating systems, with other operating systems being unaffected.

Recommendations For Firefox versions prior to 66, update to version 66 or later to resolve the issue. For Firefox ESR versions prior to 60.6, update to version 60.6 or later to resolve the issue. For Thunderbird versions prior to 60.6, update to version 60.6 or later to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2019-1486

ALT-PU-2019-1561

CVE-2019-9801

MGASA-2019-0129

OPENSUSE-SU-2019:1126-1

OPENSUSE-SU-2019:1162-1

OPENSUSE-SU-2019_1162-1

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2019:0852-1

SUSE-SU-2019:0853-1

SUSE-SU-2019:0871-1

Affected Products

Alt Linux

Firefox

Firefox Esr

Suse

Thunderbird

Windows

PT-2019-19873 · Mozilla+3 · Firefox Esr+5

CVE-2019-9801

Weakness Enumeration

Related Identifiers

Affected Products

References · 1899