8.3
CVE-2019-9811
- EPSS 2.57%
- Veröffentlicht 23.07.2019 14:15:16
- Zuletzt bearbeitet 21.11.2024 04:52:21
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Firefox ESR Version < 60.8
Mozilla ≫ Thunderbird Version < 60.8
Debian ≫ Debian Linux Version8.0
Novell ≫ Suse Package Hub For Suse Linux Enterprise Version12
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.57% | 0.832 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.3 | 1.6 | 6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 5.1 | 4.9 | 6.4 |
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
https://security.gentoo.org/glsa/201908-20
https://security.gentoo.org/glsa/201908-12
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html
https://www.mozilla.org/security/advisories/mfsa2019-21/
https://www.mozilla.org/security/advisories/mfsa2019-22/
https://www.mozilla.org/security/advisories/mfsa2019-23/
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1538007
https://bugzilla.mozilla.org/show_bug.cgi?id=1539598
https://bugzilla.mozilla.org/show_bug.cgi?id=1563327