CVE-2019-11751

HIGH

Firefox < 69 - Path Traversal

Title source: llm

Description

Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. <br>*Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.

References (5)

[Issue Tracking, Permissions Required, Vendor Advisory] https://bugzilla.mozilla.org/show_bug.cgi?id=1572838

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2019-25/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2019-26/

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html

Scores

CVSS v3 8.8

EPSS 0.0050

EPSS Percentile 65.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-88

Status published

Affected Products (2)

mozilla/firefox < 69.0

mozilla/firefox_esr < 68.1.0

Timeline

Published Sep 27, 2019

Tracked Since Feb 18, 2026