Vulnerability Description
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 66.0 |
| Apple | Mac Os X | - |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1518026Issue Tracking
- https://www.mozilla.org/security/advisories/mfsa2019-07/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1518026Issue Tracking
- https://www.mozilla.org/security/advisories/mfsa2019-07/Vendor Advisory
FAQ
What is CVE-2019-9804?
CVE-2019-9804 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if ...
How severe is CVE-2019-9804?
CVE-2019-9804 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-9804?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Apple Mac Os X.