CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
99.2%
Severity: Critical
Date : 2019-03-23
CVE-ID : CVE-2019-9810 CVE-2019-9813
Package : firefox
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-930
The package firefox before version 66.0.1-1 is vulnerable to arbitrary
code execution.
Upgrade to 66.0.1-1.
The problems have been fixed upstream in version 66.0.1.
None.
An incorrect alias information in the IonMonkey JIT compiler of Firefox
before 66.0.1 for the Array.prototype.slice method may lead to missing
bounds check and a buffer overflow.
An incorrect handling of proto mutations may lead to type confusion
in the IonMonkey JIT code of Firefox before 66.0.1 and can be leveraged
for arbitrary memory read and write.
A remote attacker can execute arbitrary code on the affected host.
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810
https://bugzilla.mozilla.org/show_bug.cgi?id=1537924
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813
https://bugzilla.mozilla.org/show_bug.cgi?id=1538006
https://security.archlinux.org/CVE-2019-9810
https://security.archlinux.org/CVE-2019-9813
bugzilla.mozilla.org/show_bug.cgi?id=1537924
bugzilla.mozilla.org/show_bug.cgi?id=1538006
security.archlinux.org/AVG-930
security.archlinux.org/CVE-2019-9810
security.archlinux.org/CVE-2019-9813
www.mozilla.org/en-US/security/advisories/mfsa2019-09/
www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810
www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
99.2%