CVE-2019-9801
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Firefox aceptará cualquier ID de programa registrado como gestor de protocolo externo y ofrecerá lanzar esta aplicación local cuando se le proporcione una URL correspondiente en los sistemas operativos Windows. Esto sólo debería ocurrir si el programa se ha registrado específicamente como un "manejador de URL" en el registro de Windows. *Nota: Este problema sólo afecta a los sistemas operativos Windows. Otros sistemas operativos no se ven afectados.*. Esta vulnerabilidad afecta a Thunderbird < 60.6, Firefox ESR < 60.6 y Firefox < 66.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-14 CVE Reserved
- 2019-04-26 CVE Published
- 2024-04-19 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2019-07 | 2019-04-29 | |
https://www.mozilla.org/security/advisories/mfsa2019-08 | 2019-04-29 | |
https://www.mozilla.org/security/advisories/mfsa2019-11 | 2019-04-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 66.0 Search vendor "Mozilla" for product "Firefox" and version " < 66.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | < 60.6 Search vendor "Mozilla" for product "Firefox Esr" and version " < 60.6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 60.6 Search vendor "Mozilla" for product "Thunderbird" and version " < 60.6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|