CVE-2019-11696
Description
Files with the .JNLP extension used for Java web start applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability affects Firefox < 67.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.158
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Mozilla Firefox 66.0.5 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 66.0.5 | Mac |
| Mozilla Open Source web browser (USN-3918-4) firefox_67.0+build2-0ubuntu0.16.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-3918-4) firefox_67.0+build2-0ubuntu0.16.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-3918-4) firefox_67.0+build2-0ubuntu0.18.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-3918-4) firefox_67.0+build2-0ubuntu0.18.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-3918-4) firefox_67.0+build2-0ubuntu0.18.10.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-3918-4) firefox_67.0+build2-0ubuntu0.18.10.1_amd64.deb | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-343015 | Mozilla Firefox (132.0.2) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234