In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1518026 | Issue Tracking |
https://www.mozilla.org/security/advisories/mfsa2019-07/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2019-04-26T16:13:22
Updated: 2019-04-26T16:13:22
Reserved: 2019-03-14T00:00:00
Link: CVE-2019-9804
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-04-26T17:29:03.430
Modified: 2019-04-30T23:51:27.813
Link: CVE-2019-9804
JSON object: View
Redhat Information
No data.
CWE