CVE-2019-9804
Publication date 26 April 2019
Last updated 24 July 2024
Ubuntu priority
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| firefox | 24.04 LTS noble |
Not affected
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| mozjs38 | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| mozjs52 | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| mozjs60 | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release |
Notes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
9.8 · Critical
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |