CVE-2019-9788

HIGH

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

References

https://access.redhat.com/errata/RHSA-2019:0966

https://access.redhat.com/errata/RHSA-2019:1144

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203

https://www.mozilla.org/security/advisories/mfsa2019-07/

https://www.mozilla.org/security/advisories/mfsa2019-08/

https://www.mozilla.org/security/advisories/mfsa2019-11/

Details

Source: MITRE

Published: 2019-04-26

Updated: 2019-05-13

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 145595 | CentOS 8 : firefox (CESA-2019:0966) | Nessus | CentOS Local Security Checks | high |
| 127579 | Oracle Linux 8 : thunderbird (ELSA-2019-1144) | Nessus | Oracle Linux Local Security Checks | high |
| 127459 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0169) | Nessus | NewStart CGSL Local Security Checks | high |
| 127427 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0153) | Nessus | NewStart CGSL Local Security Checks | high |
| 127319 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0095) | Nessus | NewStart CGSL Local Security Checks | high |
| 127308 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0090) | Nessus | NewStart CGSL Local Security Checks | high |
| 127260 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0064) | Nessus | NewStart CGSL Local Security Checks | high |
| 127257 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0062) | Nessus | NewStart CGSL Local Security Checks | high |
| 125498 | EulerOS 2.0 SP3 : firefox (EulerOS-SA-2019-1571) | Nessus | Huawei Local Security Checks | high |
| 124845 | RHEL 8 : thunderbird (RHSA-2019:1144) | Nessus | Red Hat Local Security Checks | high |
| 124662 | RHEL 8 : firefox (RHSA-2019:0966) | Nessus | Red Hat Local Security Checks | high |
| 124378 | EulerOS 2.0 SP2 : firefox (EulerOS-SA-2019-1282) | Nessus | Huawei Local Security Checks | high |
| 124301 | Amazon Linux 2 : thunderbird (ALAS-2019-1195) | Nessus | Amazon Linux Local Security Checks | high |
| 124114 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Firefox regressions (USN-3918-4) | Nessus | Ubuntu Local Security Checks | high |
| 123817 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1162) | Nessus | SuSE Local Security Checks | high |
| 123781 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:0871-1) | Nessus | SuSE Local Security Checks | high |
| 123747 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:0852-1) | Nessus | SuSE Local Security Checks | high |
| 123581 | GLSA-201904-07 : Mozilla Thunderbird and Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 123563 | Debian DLA-1743-1 : thunderbird security update | Nessus | Debian Local Security Checks | high |
| 123562 | CentOS 7 : thunderbird (CESA-2019:0681) | Nessus | CentOS Local Security Checks | high |
| 123561 | CentOS 6 : thunderbird (CESA-2019:0680) | Nessus | CentOS Local Security Checks | high |
| 123541 | openSUSE Security Update : MozillaFirefox (openSUSE-2019-1077) | Nessus | SuSE Local Security Checks | high |
| 123532 | Debian DSA-4420-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high |
| 700487 | Mozilla Firefox < 66.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 123507 | Mozilla Thunderbird < 60.6 | Nessus | Windows | high |
| 123506 | Mozilla Thunderbird < 60.6 | Nessus | MacOS X Local Security Checks | high |
| 123505 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Thunderbird vulnerabilities (USN-3927-1) | Nessus | Ubuntu Local Security Checks | high |
| 123502 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Firefox regression (USN-3918-3) | Nessus | Ubuntu Local Security Checks | high |
| 123491 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190328) | Nessus | Scientific Linux Local Security Checks | high |
| 123490 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190328) | Nessus | Scientific Linux Local Security Checks | high |
| 123488 | RHEL 7 : thunderbird (RHSA-2019:0681) | Nessus | Red Hat Local Security Checks | high |
| 123487 | RHEL 6 : thunderbird (RHSA-2019:0680) | Nessus | Red Hat Local Security Checks | high |
| 123485 | Oracle Linux 7 : thunderbird (ELSA-2019-0681) | Nessus | Oracle Linux Local Security Checks | high |
| 123484 | Oracle Linux 6 : thunderbird (ELSA-2019-0680) | Nessus | Oracle Linux Local Security Checks | high |
| 123438 | openSUSE Security Update : MozillaFirefox (openSUSE-2019-1056) | Nessus | SuSE Local Security Checks | high |
| 123127 | Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-3918-2) | Nessus | Ubuntu Local Security Checks | high |
| 123078 | Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : Firefox vulnerabilities (USN-3918-1) | Nessus | Ubuntu Local Security Checks | high |
| 123057 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190320) | Nessus | Scientific Linux Local Security Checks | high |
| 123021 | Debian DSA-4411-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high |
| 123016 | Debian DLA-1722-1 : firefox-esr security update | Nessus | Debian Local Security Checks | high |
| 123015 | CentOS 6 : firefox (CESA-2019:0623) | Nessus | CentOS Local Security Checks | high |
| 123014 | CentOS 7 : firefox (CESA-2019:0622) | Nessus | CentOS Local Security Checks | high |
| 122995 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20190320) | Nessus | Scientific Linux Local Security Checks | high |
| 122994 | RHEL 6 : firefox (RHSA-2019:0623) | Nessus | Red Hat Local Security Checks | high |
| 122993 | RHEL 7 : firefox (RHSA-2019:0622) | Nessus | Red Hat Local Security Checks | high |
| 122992 | Oracle Linux 6 : firefox (ELSA-2019-0623) | Nessus | Oracle Linux Local Security Checks | high |
| 122991 | Oracle Linux 7 : firefox (ELSA-2019-0622) | Nessus | Oracle Linux Local Security Checks | high |
| 122959 | FreeBSD : mozilla -- multiple vulnerabilities (05da6b56-3e66-4306-9ea3-89fafe939726) | Nessus | FreeBSD Local Security Checks | high |
| 122950 | Mozilla Firefox ESR < 60.6 | Nessus | Windows | high |
| 122949 | Mozilla Firefox ESR < 60.6 | Nessus | MacOS X Local Security Checks | high |
| 122948 | Mozilla Firefox < 66.0 | Nessus | Windows | high |
| 122947 | Mozilla Firefox < 66.0 | Nessus | MacOS X Local Security Checks | high |