Vulnerabilities > CVE-2019-11702 - Missing Authorization vulnerability in Mozilla Firefox
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67.0.2.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Windows |
| NASL id | MOZILLA_FIREFOX_67_0_2.NASL |
| description | The version of Firefox installed on the remote Windows host is prior to 67.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-16 advisory. - A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-11702) Note that Nessus has not tested for this issue but has instead relied only on the application |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 125877 |
| published | 2019-06-13 |
| reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/125877 |
| title | Mozilla Firefox < 67.0.2 |