Bug 1690679 (CVE-2019-9794)

Summary: CVE-2019-9794 Mozilla: Command line arguments not discarded during execution
Product: [Other] Security Response
Reporter: Doran Moppert <dmoppert>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
QA Contact:
Severity: high
Docs Contact:
Priority: high
Version: unspecified
CC: cschalle, gecko-bugs-nobody, jhorak, stransky
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-03-20 02:18:35 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1688735

Description Doran Moppert 2019-03-20 02:14:39 UTC
A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. 

*Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*

External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9794

Statement:

This issue does not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 6 and 7.
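The root cause the description points at sits on the calling side: a third-party application hands untrusted URL data to the registered URI handler without making sure it can only be read as a single URL. The following validator is an added example (not code from Mozilla, Red Hat, or this bug) of the check such an application should apply before launching a handler; the scheme "myapp", the handler path and all test URLs are constructed placeholders.

```python
import re
from typing import List, Optional
from urllib.parse import urlsplit

# Bytes that must never reach a handler's command line: whitespace, control
# characters and quotes, any of which could let one URL be split into, or be
# mistaken for, additional arguments.
_FORBIDDEN = re.compile(r"[\s\x00-\x1f\x7f\"']")


def is_safe_handler_argument(url: str, expected_scheme: str) -> bool:
    """Return True only if `url` is one well-formed URL of the registered
    scheme and cannot be read by the handler as an option instead of a URL."""
    if not url or len(url) > 2048:
        return False
    # A token starting with "-" or "/" looks like an option, not a URL.
    if url[0] in "-/":
        return False
    if _FORBIDDEN.search(url):
        return False
    parts = urlsplit(url)
    # The scheme must be exactly the one this handler was registered for.
    if parts.scheme.lower() != expected_scheme.lower():
        return False
    # A URL with neither authority nor path carries nothing to open.
    if not (parts.netloc or parts.path):
        return False
    return True


def build_handler_argv(handler_path: str, url: str,
                       expected_scheme: str) -> Optional[List[str]]:
    """Build the argv list for the external handler, or None if the URL is
    rejected. An argv list (never a shell string) keeps the URL one token."""
    if not is_safe_handler_argument(url, expected_scheme):
        return None
    return [handler_path, url]


if __name__ == "__main__":
    # Constructed inputs: one acceptable URL and three that must be rejected.
    handler = r"C:\Program Files\Handler\handler.exe"  # placeholder path
    for candidate in ("myapp://example.test/open?id=42",
                      "-constructed-option",
                      "myapp://example.test/open -constructed-option",
                      "http://example.test/"):
        print(repr(candidate), "->", build_handler_argv(handler, candidate, "myapp"))
```

Launch the handler only from the returned list (for example with `subprocess.run(argv)` and no shell), so the validated URL stays a single argument.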

Comment 1 Doran Moppert 2019-03-20 02:14:42 UTC
Acknowledgments:

Name: the Mozilla project
Upstream: Joshua Graham