Lucene search
Niklas Baumstark (@_niklasb)ZDI-19-782HistorySep 05, 2019 - 12:00 a.m.
(Pwn2Own) Mozilla Firefox sync Universal Cross-Site Scripting Sandbox Escape Vulnerability
2019-09-0500:00:00
Niklas Baumstark (@_niklasb)
www.zerodayinitiative.com
14
0.005 Low
EPSS
Percentile
77.1%
This vulnerability allows remote attackers to escape the sandbox on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to a universal cross-site scripting issue when syncing accounts. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current user at medium integrity.
Related
veracode
veracode
Sandbox Restrictions Bypass
2019-09-11 00:06:45
redhatcve
redhatcve
CVE-2019-9812
2019-09-04 01:23:47
cvelist
cvelist
CVE-2019-9812
2020-01-08 21:41:06
alpinelinux
alpinelinux
CVE-2019-9812
2020-01-08 22:15:13
cve
cve
CVE-2019-9812
2020-01-08 22:15:13
debiancve
debiancve
CVE-2019-9812
2020-01-08 22:15:13
ubuntucve
ubuntucve
CVE-2019-9812
2019-09-04 00:00:00
nvd
nvd
CVE-2019-9812
2020-01-08 22:15:13
prion
prion
Code injection
2020-01-08 22:15:00
openvas
openvas
Mozilla Firefox ESR Security Advisories - 1 - (MFSA2019-25, MFSA2019-27) - Mac OS X
2019-09-05 00:00:00
Debian: Security Advisory (DSA-4516-1)
2019-09-07 00:00:00
Debian: Security Advisory (DLA-1910-1)
2019-09-07 00:00:00
nessus
nessus
Debian DLA-1910-1 : firefox-esr security update
2019-09-09 00:00:00
GLSA-201911-07 : Mozilla Firefox: Multiple vulnerabilities
2019-11-25 00:00:00
Debian DSA-4516-1 : firefox-esr - security update
2019-09-06 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2019-11-25 00:00:00
debian
debian
[SECURITY] [DLA 1910-1] firefox-esr security update
2019-09-06 09:37:16
[SECURITY] [DSA 4516-1] firefox-esr security update
2019-09-05 19:00:06
osv
osv
firefox-esr - security update
2019-09-05 00:00:00
firefox-esr - security update
2019-09-06 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2019-09-12 22:09:52
Updated firefox packages fix security vulnerabilities
2019-09-12 22:09:52
mozilla
mozilla
Security vulnerabilities fixed in Firefox ESR 60.9 — Mozilla
2019-09-03 00:00:00
Security vulnerabilities fixed in Firefox ESR 68.1 — Mozilla
2019-09-03 00:00:00
Security vulnerabilities fixed in Firefox 69 — Mozilla
2019-09-03 00:00:00
centos
centos
firefox security update
2019-09-18 21:10:48
firefox security update
2019-09-17 21:47:04
oraclelinux
oraclelinux
firefox security update
2019-09-10 00:00:00
firefox security update
2019-09-11 00:00:00
firefox security update
2019-09-06 00:00:00
redhat
redhat
(RHSA-2019:2694) Important: firefox security update
2019-09-10 06:57:37
(RHSA-2019:2729) Important: firefox security update
2019-09-11 07:15:24
(RHSA-2019:2663) Important: firefox security update
2019-09-04 20:00:30
ibm
ibm
ubuntu
ubuntu
Firefox vulnerabilities
2019-09-04 00:00:00
Firefox regression
2019-10-08 00:00:00
archlinux
archlinux
[ASA-201909-2] firefox: multiple issues
2019-09-04 00:00:00
kaspersky
kaspersky
KLA11545 Multiple vulnerabilities in Mozilla Firefox ESR
2019-09-03 00:00:00
KLA11546 Multiple vulnerabilities in Mozilla Firefox
2019-09-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 68.1.0-alt1
2019-09-04 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2019-09-03 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2019-10-06 00:00:00
Security update for MozillaFirefox (important)
2019-10-05 00:00:00