CVE-2019-9804
Last modified
CVE-2019-9804 is a vulnerability of currently unknown severity. In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. EPSS estimates a 1.83% chance of exploitation in the next 30 days.
Description
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 66.0 |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1518026Issue Tracking
- https://www.mozilla.org/security/advisories/mfsa2019-07/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1518026Issue Tracking
- https://www.mozilla.org/security/advisories/mfsa2019-07/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-9804?
How severe is CVE-2019-9804?
How do I fix CVE-2019-9804?
Are you affected by CVE-2019-9804?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST