Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-9801

Опубликовано: 20 мар. 2019
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. Note: This issue only affects Windows operating systems. Other operating systems are unaffected.. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

Отчет

This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 6 and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-88
https://bugzilla.redhat.com/show_bug.cgi?id=1690682Mozilla: Windows programs that are not 'URL Handlers' are exposed to web content

EPSS

Процентиль: 60%
0.0039
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-9801

CVSS3: 5.3
ubuntu
почти 7 лет назад

Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

nvd логотип

CVE-2019-9801

CVSS3: 5.3
nvd
почти 7 лет назад

Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

debian логотип

CVE-2019-9801

CVSS3: 5.3
debian
почти 7 лет назад

Firefox will accept any registered Program ID as an external protocol ...

github логотип

GHSA-cr8h-fffv-pv55

CVSS3: 5.3
github
больше 3 лет назад

Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

suse-cvrf логотип

SUSE-SU-2019:0871-1

suse-cvrf
почти 7 лет назад

Security update for MozillaFirefox

EPSS

Процентиль: 60%
0.0039
Низкий

6.1 Medium

CVSS3