Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Mozilla Firefox < 67.0.2

🗓️ 18 Nov 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 4 Views

Firefox versions before 67.0.2 are affected by mfsa2019-16 via IE links opening local files on Windows.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Tenable Nessus		Mozilla Firefox < 67.0.2 Vulnerability
19 Jun 201900:00
nessus
Tenable Nessus		Mozilla Firefox < 67.0.2
13 Jun 201900:00
nessus
CNVD		Mozilla Firefox Arbitrary File Access Vulnerability
13 Jun 201900:00
cnvd
CVE		CVE-2019-11702
23 Jul 201913:21
cve
Cvelist		CVE-2019-11702
23 Jul 201913:21
cvelist
Debian CVE		CVE-2019-11702
23 Jul 201913:21
debiancve
EUVD		EUVD-2019-3372
7 Oct 202500:30
euvd
Kaspersky		KLA11498 OSI vulnerability in Mozilla Firefox
11 Jun 201900:00
kaspersky
Mozilla		Security vulnerabilities fixed in Firefox 67.0.2 — Mozilla
11 Jun 201900:00
mozilla
NVD		CVE-2019-11702
23 Jul 201914:15
nvd
Rows per page
#%NASL_MIN_LEVEL 80900
## 
# (C) Tenable, Inc.
#                                  
# The descriptive text and package checks in this plugin were
# extracted from Mozilla Foundation Security Advisory mfsa2019-16.
# The text itself is copyright (C) Mozilla Foundation.
## 

include('compat.inc');

if (description)
{
  script_id(275631);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/18");

  script_cve_id("CVE-2019-11702");
  script_xref(name:"IAVA", value:"2019-A-0185-S");

  script_name(english:"Mozilla Firefox < 67.0.2");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote macOS or Mac OS X host is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Firefox installed on the remote macOS or Mac OS X host is prior to 67.0.2. It is, therefore, affected by
a vulnerability as referenced in the mfsa2019-16 advisory.

  - A hyperlink using protocols associated with Internet Explorer, such as <code>IE.HTTP:</code>, can be used
    to open local files at a known location with Internet Explorer if a user approves execution when prompted.
    Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-11702)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2019-16/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Firefox version 67.0.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11702");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_firefox_installed.nasl");
  script_require_keys("installed_sw/Mozilla Firefox");

  exit(0);
}

include('vdf.inc');

# @tvdl-content-verify-only
var vuln_data = {
  "metadata": {
    "spec_version": "1.0"
  },
  "requires": [
    {
      "scope": "target",
      "match": {
        "os": "macos"
      }
    }
  ],
  "checks": [
    {
      "product": {
        "name": "Mozilla Firefox",
        "type": "app"
      },
      "check_algorithm": "default",
      "constraints": [
        {
          "fixed_version": "67.0.2"
        }
      ]
    }
  ]
};

var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_WARNING);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Nov 2025 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 24.3
CVSS 36.5
EPSS0.00379
firefoxversion 67.0.2mfsa2019-16ie hyperlinkwindows onlylocal file access
4