Lucene search
Ubuntu.comUB:CVE-2019-25136HistoryJun 19, 2023 - 12:00 a.m.
CVE-2019-25136
2023-06-1900:00:00
ubuntu.com
ubuntu.com
15
compromised child process
xbl bindings
arbitrary code execution
sandbox escape
firefox < 70
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
0.003
Percentile
72.1%
A compromised child process could have injected XBL Bindings into
privileged CSS rules, resulting in arbitrary code execution and a sandbox
escape. This vulnerability affects Firefox < 70.
Notes
| Author | Note |
|---|---|
| tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
| mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
Related
debiancve
debiancve
CVE-2019-25136
2023-06-19 11:15:09
nvd
nvd
CVE-2019-25136
2023-06-19 11:15:09
cve
cve
CVE-2019-25136
2023-06-19 11:15:09
cvelist
cvelist
CVE-2019-25136
2023-06-19 10:45:09
redhatcve
redhatcve
CVE-2019-25136
2023-06-21 09:44:41
prion
prion
Code injection
2023-06-19 11:15:00
nessus
nessus
RHEL 6 : firefox (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 7 : firefox (Unpatched Vulnerability)
2024-05-11 00:00:00
openvas
openvas
Mozilla Firefox Security Advisories (MFSA2019-33, MFSA2019-34) - Windows
2019-10-23 00:00:00
Mozilla Firefox Security Advisories (MFSA2019-33, MFSA2019-34) - Mac OS X
2019-10-23 00:00:00
Mozilla Firefox Security Advisory (MFSA2019-34) - Linux
2021-11-08 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in - Firefox 70 — Mozilla
2019-10-22 00:00:00
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
0.003
Percentile
72.1%
Related for UB:CVE-2019-25136