Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. *Note: this issue only affects Firefox on Windows operating systems.* External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11751
Acknowledgments: Name: the Mozilla project Upstream: Ping Fan "Zetta" Ke (VXRL)
Statement: This vulnerability only affected Firefox on the Windows operating system. Firefox on Red Hat Enterprise Linux is not affected.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11751