In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Mozilla

Firefox

Affected Versions:

unspecified

References

https://www.mozilla.org/security/advisories/mfsa2019-07/

https://bugzilla.mozilla.org/show_bug.cgi?id=1518026

Published: 2019-04-26T16:13:22

Last Modified: 2024-08-04T22:01:54.680Z

Copied to clipboard!