CVE-2019-11751

Summary

Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. <br>Note: this issue only affects Firefox on Windows operating systems.. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 69affected
MozillaFirefox ESRunspecified < 68.1affected

Weaknesses

  • Malicious code execution through command line parameters

ADP Enrichment

CVE Program Container

Additional References

References