PT-2019-4562 · Mozilla+2 · Firefox+2
Abdulrahman Alqabandi · Published 2019-05-21 · Updated 2024-12-12 · CVE-2019-11696
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 67
Description
The issue concerns how files with the .JNLP extension, which are used for "Java Web Start" applications, are handled. Download prompts do not treat these files as executable content, even though they can be executed if Java is installed on the local system. As a result, a user could mistakenly launch an executable binary locally. Exploitation of this issue may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations
For versions prior to 67, update to version 67 or later to resolve the issue. As a temporary workaround, consider disabling the execution of .JNLP files until a patch is applied. Restrict access to Java web start applications to minimize the risk of exploitation. Avoid launching executable binaries locally from download prompts to prevent potential attacks.
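A .JNLP file is an XML descriptor naming the code that Java Web Start will fetch and run, so a downloaded one can be inspected without launching it. The following triage sketch is an added example, not part of the advisory or of the Firefox fix; the function name, the sample descriptor and its host name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlparse

# Constructed sample descriptor (not from the advisory); the host is a placeholder.
SAMPLE_JNLP = b"""<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0+" codebase="http://downloads.example.test/app/" href="launch.jnlp">
  <information><title>Sample</title><vendor>Example</vendor></information>
  <security><all-permissions/></security>
  <resources>
    <j2se version="1.8+"/>
    <jar href="lib/main.jar" main="true"/>
    <nativelib href="lib/native.jar"/>
  </resources>
  <application-desc main-class="com.example.Main"/>
</jnlp>"""


def triage_jnlp(data: bytes) -> dict:
    """Summarise what a JNLP descriptor would load, without launching it."""
    # ElementTree expands internal entities, so refuse DTDs outright.
    # Byte-level check: assumes an ASCII-compatible encoding such as UTF-8.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(data)
    if root.tag != "jnlp":
        raise ValueError("not a JNLP descriptor")
    codebase = root.get("codebase", "")
    # Every jar/nativelib href is code that Java Web Start would fetch and run.
    code_urls = [urljoin(codebase, el.get("href", ""))
                 for el in root.iter() if el.tag in ("jar", "nativelib")]
    entry = root.find("application-desc")
    findings = []
    if root.find("security/all-permissions") is not None:
        findings.append("requests all-permissions (asks to run outside the sandbox)")
    if any(urlparse(u).scheme != "https" for u in code_urls):
        findings.append("code is fetched over a non-HTTPS URL")
    if any(el.tag == "nativelib" for el in root.iter()):
        findings.append("loads native libraries")
    return {
        "codebase": codebase,
        "code_urls": code_urls,
        "main_class": entry.get("main-class") if entry is not None else None,
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in triage_jnlp(SAMPLE_JNLP).items():
        print(f"{key}: {value}")
```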
Exploit
Fix
RCE
Affected Products
Alt Linux
Firefox
Ubuntu