CVE-2019-11696

Name
CVE-2019-11696
Description
Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability affects Firefox < 67.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://bugzilla.mozilla.org/show_bug.cgi?id=1392955
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2019-13/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* firefox >= None < 67.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status