CVE-2019-11696
N/A
N/A
Summary
Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability affects Firefox < 67.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 67 | affected |
Weaknesses
- Java web start .JNLP files are not recognized as executable files for download prompts
ADP Enrichment
CVE Program Container
Additional References
- https://www.mozilla.org/security/advisories/mfsa2019-13/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1392955
References
- https://www.mozilla.org/security/advisories/mfsa2019-13/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1392955
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.