Vulnerability CVE-2019-9813


Published: 2019-04-26

Description:
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.

Type:

CWE-704

(Incorrect Type Conversion or Cast)

Vendor: Mozilla
Product: Firefox 
Version:
9.0.1
9.0
8.0.1
8.0
7.0.1
7.0
66.0
65.0
64.0.2
64.0
63.0.3
63.0.1
63.0
62.0.3
62.0.2
62.0
61.0.2
61.0.1
61.0
60.6.1
60.5.0
60.4.0
60.3.0
60.2.2
60.2.1
60.2.0
60.1.0
60.0.2
60.0.1
60.0
6.0.2
6.0.1
6.0
59.0.3
59.0.2
59.0.1
59.0
58.0.2
58.0.1
58.0
57.0.4
57.0.3
57.0.2
57.0.1
57.0
56.0.2
56.0.1
56.0
55.0.3
55.0.2
55.0.1
55.0
54.0.1
54.0
53.0.3
53.0.2
53.0
52.9.0
52.8.1
52.8.0
52.7.4
52.7.3
52.7.2
52.7.1
52.7.0
See more versions on NVD
Product: Thunderbird 
Version:
9.0.1
9.0
8.0
7.0.1
7.0
60.6.0
60.5.1
60.5.0
60.4.0
60.3.0
60.2.1
60.0
6.0.2
6.0.1
6.0
59.0
58.0
57.0
56.0
55.0
54.0
53.0
52.9.1
52.9.0
52.8.0
52.7.0
See more versions on NVD
Product: Firefox esr 
Version:
60.6.0
60.5.0
60.4.0
60.3.0
60.2.0
60.1.0
60.0
52.9.0
52.8.0
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
https://access.redhat.com/errata/RHSA-2019:0966
https://access.redhat.com/errata/RHSA-2019:1144
https://bugzilla.mozilla.org/show_bug.cgi?id=1538006
https://www.mozilla.org/security/advisories/mfsa2019-09/
https://www.mozilla.org/security/advisories/mfsa2019-10/
https://www.mozilla.org/security/advisories/mfsa2019-12/

Related CVE
CVE-2018-12404
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS ...
CVE-2018-5123
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4.
CVE-2018-12384
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.3...
CVE-2019-9810
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
CVE-2019-9809
If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for ...
CVE-2019-9808
If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which s...
CVE-2019-9807
When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects...
CVE-2019-9806
A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack. This vulnerability affects Firefox < 66.

Copyright 2019, cxsecurity.com

 

Back to Top