CVE-2019-11696
HIGH
Firefox < 67.0 - Unsafe Executable File Handling for .JNLP Extensions
Title source: llm
Description
Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability affects Firefox < 67.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2019-13/
Exploit, Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1392955
Scores
CVSS v3
7.8
EPSS
0.0016
EPSS Percentile
36.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
mozilla/firefox
< 67.0
Published
Jul 23, 2019
Tracked Since
Feb 18, 2026