SB2019032311 - Permissions, Privileges, and Access Controls in firefox-esr (Alpine package)
Published: March 23, 2019
Security Bulletin ID
SB2019032311
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-9801)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to Firefox accepts any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. A remote attacker can trick the victim to open a specially crafted link and execute an arbitrary application on the system with privileges of the current user.
Note: this vulnerability affects Windows operating system only.
Remediation
Install update from vendor's website.