Lucene search
MozillaCVE-2019-9795HistoryApr 26, 2019 - 5:29 p.m.
CVE-2019-9795
2019-04-2617:29:02
CWE-843
CWE-617
mozilla
web.nvd.nist.gov
239
vulnerability
type-confusion
ionmonkey
jit compiler
thunderbird
firefox esr
firefox
nvd
cve-2019-9795
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.1
Confidence
High
EPSS
0.009
Percentile
82.7%
A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Affected configurations
Node
mozillafirefoxRange<66.0
ORmozillafirefox_esrRange<60.6
ORmozillathunderbirdRange<60.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | firefox_esr | * | cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* |
| mozilla | thunderbird | * | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "60.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "60.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "66",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
alpinelinux
alpinelinux
CVE-2019-9795
2019-04-26 17:29:02
ubuntucve
ubuntucve
CVE-2019-9795
2019-03-20 00:00:00
nvd
nvd
CVE-2019-9795
2019-04-26 17:29:02
veracode
veracode
Denial Of Service (DoS)
2019-05-16 03:58:52
cvelist
cvelist
CVE-2019-9795
2019-04-26 16:13:22
debiancve
debiancve
CVE-2019-9795
2019-04-26 17:29:02
prion
prion
Type confusion
2019-04-26 17:29:00
redhatcve
redhatcve
CVE-2019-9795
2020-04-04 17:28:18
openvas
openvas
Huawei EulerOS: Security Advisory for mozjs60 (EulerOS-SA-2022-1609)
2022-05-05 00:00:00
Huawei EulerOS: Security Advisory for mozjs60 (EulerOS-SA-2022-1431)
2022-04-20 00:00:00
Huawei EulerOS: Security Advisory for mozjs60 (EulerOS-SA-2022-1632)
2022-05-05 00:00:00
nessus
nessus
EulerOS Virtualization 2.9.0 : mozjs60 (EulerOS-SA-2022-1632)
2022-05-05 00:00:00
EulerOS 2.0 SP9 : mozjs60 (EulerOS-SA-2022-1431)
2022-04-18 00:00:00
EulerOS 2.0 SP9 : mozjs60 (EulerOS-SA-2022-1452)
2022-04-18 00:00:00
ibm
ibm
Security Bulletin: Multiple Mozilla Firefox vulnerabilities in IBM SONAS
2019-06-28 07:50:01
oraclelinux
oraclelinux
firefox security update
2019-03-20 00:00:00
firefox security update
2019-03-20 00:00:00
thunderbird security update
2019-03-28 00:00:00
debian
debian
[SECURITY] [DSA 4411-1] firefox-esr security update
2019-03-20 22:09:19
[SECURITY] [DSA 4420-1] thunderbird security update
2019-03-30 15:31:08
[SECURITY] [DLA 1743-1] thunderbird security update
2019-04-01 09:03:24
centos
centos
firefox security update
2019-03-22 13:50:10
firefox security update
2019-03-22 13:54:23
thunderbird security update
2019-04-01 19:08:08
mageia
mageia
Updated firefox packages fix security vulnerability
2019-03-21 19:36:46
Updated thunderbird packages fix security vulnerability
2019-04-05 21:12:59
redhat
redhat
(RHSA-2019:0622) Critical: firefox security update
2019-03-20 11:17:48
(RHSA-2019:0623) Critical: firefox security update
2019-03-20 11:19:10
(RHSA-2019:0966) Critical: firefox security update
2019-05-07 03:37:57
osv
osv
firefox-esr - security update
2019-03-20 00:00:00
thunderbird - security update
2019-04-01 00:00:00
thunderbird - security update
2019-03-30 00:00:00
kaspersky
kaspersky
KLA11440 Multiple vulnerabilities in Mozilla Firefox ESR
2019-03-19 00:00:00
KLA11569 Multiple vulnerabilities in Mozilla Thunderbird
2019-03-19 00:00:00
KLA11439 Multiple vulnerabilities in Mozilla Firefox
2019-03-19 00:00:00
amazon
amazon
Critical: thunderbird
2019-04-25 16:37:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 60.6.0-alt1
2019-03-21 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 60.6.0-alt1
2019-03-21 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Thunderbird 60.6 — Mozilla
2019-03-19 00:00:00
Security vulnerabilities fixed in Firefox ESR 60.6 — Mozilla
2019-03-19 00:00:00
Security vulnerabilities fixed in Firefox 66 — Mozilla
2019-03-19 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2019-03-28 00:00:00
Firefox regression
2019-03-28 00:00:00
Firefox vulnerabilities
2019-03-25 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2019-03-29 00:00:00
Security update for MozillaFirefox (important)
2019-03-27 00:00:00
Security update for MozillaThunderbird (critical)
2019-04-03 00:00:00
archlinux
archlinux
[ASA-201903-11] firefox: multiple issues
2019-03-22 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2019-03-19 00:00:00
gentoo
gentoo
Mozilla Thunderbird and Firefox: Multiple vulnerabilities
2019-04-02 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.1
Confidence
High
EPSS
0.009
Percentile
82.7%
Related for CVE-2019-9795