CVE-2019-9804
Description
In Firefox Developer Tools it is possible that pasting the result of the Copy as cURL command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.151
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Mozilla Firefox (66.0) | Windows |
| Mozilla Firefox (x64) (66.0) | Windows |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (66.0.5) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (66.0) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (66.0.1) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (66.0.2) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (66.0.3) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (66.0.4) | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 65.0.2 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-309247 | Mozilla Firefox (66.0) |
| PATCH-309249 | Mozilla Firefox (x64) (66.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234