Vulnerabilities > CVE-2019-11702 - Missing Authorization vulnerability in Mozilla Firefox

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
mozilla
CWE-862
nessus

Summary

A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67.0.2.

Vulnerable Configurations

Part Description Count
Application
Mozilla
597
OS
Microsoft
1

Common Weakness Enumeration (CWE)

Nessus

NASL familyWindows
NASL idMOZILLA_FIREFOX_67_0_2.NASL
descriptionThe version of Firefox installed on the remote Windows host is prior to 67.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-16 advisory. - A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-11702) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen2020-06-01
modified2020-06-02
plugin id125877
published2019-06-13
reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/125877
titleMozilla Firefox < 67.0.2