1721805 – (CVE-2019-11702) CVE-2019-11702 Mozilla: IE protocols can be used to open known local files

Bug 1721805 (CVE-2019-11702) - CVE-2019-11702 Mozilla: IE protocols can be used to open known local files

Summary: CVE-2019-11702 Mozilla: IE protocols can be used to open known local files

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2019-11702
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1721788
TreeView+	depends on / blocked

Reported:	2019-06-19 05:46 UTC by Doran Moppert
Modified:	2021-02-16 21:48 UTC (History)
CC List:	15 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2019-06-19 05:48:56 UTC
Embargoed:

Attachments	(Terms of Use)

Description Doran Moppert 2019-06-19 05:46:47 UTC

A hyperlink using protocols associated with Internet Explorer, such as `IE.HTTP:`, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. 

*Note: this issue only occurs on Windows. Other operating systems are unaffected.*



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2019-16/#CVE-2019-11702

Comment 1 Doran Moppert 2019-06-19 05:46:49 UTC

Acknowledgments:

Name: the Mozilla project
Upstream: James Lee

Comment 2 Doran Moppert 2019-06-19 05:48:19 UTC

Statement:

This vulnerability only affects versions of Firefox on the Windows operating system.  Red Hat Enterprise Linux is not affected.

Comment 3 Kazu Yoshida 2019-06-19 05:56:05 UTC

Hi Doran,

Thank you so much for kindly creating this BZ to confirm it does not affect RHEL Firefox.

Thanks 
Kazu

Note You need to log in before you can comment on or make changes to this bug.