CVE-2019-9793

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 60.6 Firefox ESR versions prior to 60.6 Firefox versions prior to 66

Description A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. The vulnerability is related to reading data beyond buffer memory boundaries, which may allow a remote attacker to gain unauthorized access to protected data.

Recommendations For Thunderbird versions prior to 60.6, update to version 60.6 or later. For Firefox ESR versions prior to 60.6, update to version 60.6 or later. For Firefox versions prior to 66, update to version 66 or later.