Lucene search
MozillaCVELIST:CVE-2019-9812HistoryJan 08, 2020 - 9:41 p.m.
CVE-2019-9812
2020-01-0821:41:06
mozilla
www.cve.org
1
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69.
CNA Affected
[
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "before 60.9"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "before 68.1"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "before 69"
}
]
}
]Related
redhatcve
redhatcve
CVE-2019-9812
2019-09-04 01:23:47
zdi
zdi
veracode
veracode
Sandbox Restrictions Bypass
2019-09-11 00:06:45
alpinelinux
alpinelinux
CVE-2019-9812
2020-01-08 22:15:13
cve
cve
CVE-2019-9812
2020-01-08 22:15:13
debiancve
debiancve
CVE-2019-9812
2020-01-08 22:15:13
ubuntucve
ubuntucve
CVE-2019-9812
2019-09-04 00:00:00
nvd
nvd
CVE-2019-9812
2020-01-08 22:15:13
prion
prion
Code injection
2020-01-08 22:15:00
openvas
openvas
Mozilla Firefox ESR Security Advisories - 1 - (MFSA2019-25, MFSA2019-27) - Mac OS X
2019-09-05 00:00:00
Debian: Security Advisory (DSA-4516-1)
2019-09-07 00:00:00
Debian: Security Advisory (DLA-1910-1)
2019-09-07 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2019-11-25 00:00:00
nessus
nessus
Debian DLA-1910-1 : firefox-esr security update
2019-09-09 00:00:00
GLSA-201911-07 : Mozilla Firefox: Multiple vulnerabilities
2019-11-25 00:00:00
Debian DSA-4516-1 : firefox-esr - security update
2019-09-06 00:00:00
debian
debian
[SECURITY] [DSA 4516-1] firefox-esr security update
2019-09-05 19:00:06
[SECURITY] [DLA 1910-1] firefox-esr security update
2019-09-06 09:37:16
osv
osv
firefox-esr - security update
2019-09-06 00:00:00
firefox-esr - security update
2019-09-05 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2019-09-12 22:09:52
Updated firefox packages fix security vulnerabilities
2019-09-12 22:09:52
mozilla
mozilla
Security vulnerabilities fixed in Firefox ESR 60.9 — Mozilla
2019-09-03 00:00:00
Security vulnerabilities fixed in Firefox ESR 68.1 — Mozilla
2019-09-03 00:00:00
Security vulnerabilities fixed in Firefox 69 — Mozilla
2019-09-03 00:00:00
oraclelinux
oraclelinux
firefox security update
2019-09-11 00:00:00
firefox security update
2019-09-10 00:00:00
firefox security update
2019-09-06 00:00:00
centos
centos
firefox security update
2019-09-17 21:47:04
firefox security update
2019-09-18 21:10:48
redhat
redhat
(RHSA-2019:2729) Important: firefox security update
2019-09-11 07:15:24
(RHSA-2019:2694) Important: firefox security update
2019-09-10 06:57:37
(RHSA-2019:2663) Important: firefox security update
2019-09-04 20:00:30
ibm
ibm
ubuntu
ubuntu
Firefox vulnerabilities
2019-09-04 00:00:00
Firefox regression
2019-10-08 00:00:00
kaspersky
kaspersky
KLA11545 Multiple vulnerabilities in Mozilla Firefox ESR
2019-09-03 00:00:00
KLA11546 Multiple vulnerabilities in Mozilla Firefox
2019-09-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 68.1.0-alt1
2019-09-04 00:00:00
archlinux
archlinux
[ASA-201909-2] firefox: multiple issues
2019-09-04 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2019-09-03 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2019-10-05 00:00:00
Security update for MozillaFirefox (important)
2019-10-06 00:00:00