PT-2019-4075 · Mozilla+5 · Firefox Esr+7

Samuel Groß

·

Published

2019-05-21

·

Updated

2024-12-12

·

CVE-2019-9816

CVSS v2.0

7.1

High

VectorAV:N/AC:M/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 60.7 Firefox versions prior to 67 Firefox ESR versions prior to 60.7
Description A possible issue exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. This issue is related to a deficiency in the type conversion mechanism, which may allow a remote attacker to access confidential information and cause a denial of service by unpacking special objects.
Recommendations For Thunderbird versions prior to 60.7, update to version 60.7 or later. For Firefox versions prior to 67, update to version 67 or later. For Firefox ESR versions prior to 60.7, update to version 60.7 or later.

Exploit

Fix

Type Confusion

Incorrect Type Conversion or Cast

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-843CWE-704

Related Identifiers

ALT-PU-2019-1876
ALT-PU-2019-1879
ALT-PU-2019-1941
ALT-PU-2019-2324
ALT-PU-2019-2479
ALT-PU-2019-2486
BDU:2019-04638
CESA-2019_1265
CESA-2019_1267
CESA-2019_1269
CVE-2019-9816
DLA-1800-1
DLA-1806-1
DSA-4448-1
DSA-4451-1
MGASA-2019-0190
MGASA-2019-0191
OPENSUSE-SU-2019:1534-1
OPENSUSE-SU-2019:1664-1
OPENSUSE-SU-2019_1484-1
OPENSUSE-SU-2019_1534-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2019:1265
RHSA-2019:1267
RHSA-2019:1269
RHSA-2019_1265
RHSA-2019_1267
RHSA-2019_1269
SUSE-SU-2019:1388-1
SUSE-SU-2019:1405-1
SUSE-SU-2019:1458-1
SUSE-SU-2019_1405-1
USN-3991-1
USN-3991-2
USN-3991-3
USN-3997-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu