1. Home
  2. Vulnerabilities
  3. CVE-2019-9801

CVE-2019-9801

CVSS v3.0 5.3 (Medium)
53% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.21 % (59th)
0.21% Progress
Affected Products 4
Advisories 10
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. Note: This issue only affects Windows operating systems. Other operating systems are unaffected.. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

Weaknesses
CWE-20
Improper Input Validation
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2019-04-26 17:29:02
(5 years ago)
Updated Date
2019-04-29 20:19:13
(5 years ago)

Affected Products

Microsoft

Mozilla

Configuration #1

AND
    CPE23 From Up To
OR  
  Mozilla Firefox prior 66.0 version cpe:2.3:a:mozilla:firefox < 66.0
OR  
  Running on/with
  Mozilla Firefox Esr prior 60.6 version cpe:2.3:a:mozilla:firefox_esr < 60.6
OR  
  Running on/with
  Mozilla Thunderbird prior 60.6 version cpe:2.3:a:mozilla:thunderbird < 60.6
OR  
  Running on/with
  Microsoft Windows cpe:2.3:o:microsoft:windows:-