CVE-2019-9791

CRITICAL

Description

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

References

https://www.mozilla.org/security/advisories/mfsa2019-11/

https://www.mozilla.org/security/advisories/mfsa2019-08/

https://www.mozilla.org/security/advisories/mfsa2019-07/

https://bugzilla.mozilla.org/show_bug.cgi?id=1530958

https://access.redhat.com/errata/RHSA-2019:0966

https://access.redhat.com/errata/RHSA-2019:1144

Details

Source: MITRE

Published: 2019-04-26

Updated: 2021-07-21

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

ID | Name | Product | Family | Severity
145595 | CentOS 8 : firefox (CESA-2019:0966) | Nessus | CentOS Local Security Checks | critical
127579 | Oracle Linux 8 : thunderbird (ELSA-2019-1144) | Nessus | Oracle Linux Local Security Checks | critical
127459 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0169) | Nessus | NewStart CGSL Local Security Checks | critical
127427 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0153) | Nessus | NewStart CGSL Local Security Checks | critical
127319 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0095) | Nessus | NewStart CGSL Local Security Checks | critical
127308 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0090) | Nessus | NewStart CGSL Local Security Checks | critical
127260 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0064) | Nessus | NewStart CGSL Local Security Checks | critical
127257 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0062) | Nessus | NewStart CGSL Local Security Checks | critical
125498 | EulerOS 2.0 SP3 : firefox (EulerOS-SA-2019-1571) | Nessus | Huawei Local Security Checks | critical
124845 | RHEL 8 : thunderbird (RHSA-2019:1144) | Nessus | Red Hat Local Security Checks | critical
124662 | RHEL 8 : firefox (RHSA-2019:0966) | Nessus | Red Hat Local Security Checks | critical
124378 | EulerOS 2.0 SP2 : firefox (EulerOS-SA-2019-1282) | Nessus | Huawei Local Security Checks | critical
124301 | Amazon Linux 2 : thunderbird (ALAS-2019-1195) | Nessus | Amazon Linux Local Security Checks | critical
124114 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Firefox regressions (USN-3918-4) | Nessus | Ubuntu Local Security Checks | critical
123817 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1162) | Nessus | SuSE Local Security Checks | critical
123781 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:0871-1) | Nessus | SuSE Local Security Checks | critical
123747 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:0852-1) | Nessus | SuSE Local Security Checks | critical
123581 | GLSA-201904-07 : Mozilla Thunderbird and Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
123563 | Debian DLA-1743-1 : thunderbird security update | Nessus | Debian Local Security Checks | critical
123562 | CentOS 7 : thunderbird (CESA-2019:0681) | Nessus | CentOS Local Security Checks | critical
123561 | CentOS 6 : thunderbird (CESA-2019:0680) | Nessus | CentOS Local Security Checks | critical
123541 | openSUSE Security Update : MozillaFirefox (openSUSE-2019-1077) | Nessus | SuSE Local Security Checks | critical
123532 | Debian DSA-4420-1 : thunderbird - security update | Nessus | Debian Local Security Checks | critical
700487 | Mozilla Firefox < 66.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical
123507 | Mozilla Thunderbird < 60.6 | Nessus | Windows | critical
123506 | Mozilla Thunderbird < 60.6 | Nessus | MacOS X Local Security Checks | critical
123505 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Thunderbird vulnerabilities (USN-3927-1) | Nessus | Ubuntu Local Security Checks | critical
123502 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : Firefox regression (USN-3918-3) | Nessus | Ubuntu Local Security Checks | critical
123491 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190328) | Nessus | Scientific Linux Local Security Checks | critical
123490 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190328) | Nessus | Scientific Linux Local Security Checks | critical
123488 | RHEL 7 : thunderbird (RHSA-2019:0681) | Nessus | Red Hat Local Security Checks | critical
123487 | RHEL 6 : thunderbird (RHSA-2019:0680) | Nessus | Red Hat Local Security Checks | critical
123485 | Oracle Linux 7 : thunderbird (ELSA-2019-0681) | Nessus | Oracle Linux Local Security Checks | critical
123484 | Oracle Linux 6 : thunderbird (ELSA-2019-0680) | Nessus | Oracle Linux Local Security Checks | critical
123438 | openSUSE Security Update : MozillaFirefox (openSUSE-2019-1056) | Nessus | SuSE Local Security Checks | critical
123127 | Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-3918-2) | Nessus | Ubuntu Local Security Checks | critical
123078 | Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : Firefox vulnerabilities (USN-3918-1) | Nessus | Ubuntu Local Security Checks | critical
123057 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190320) | Nessus | Scientific Linux Local Security Checks | critical
123021 | Debian DSA-4411-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | critical
123016 | Debian DLA-1722-1 : firefox-esr security update | Nessus | Debian Local Security Checks | critical
123015 | CentOS 6 : firefox (CESA-2019:0623) | Nessus | CentOS Local Security Checks | critical
123014 | CentOS 7 : firefox (CESA-2019:0622) | Nessus | CentOS Local Security Checks | critical
122995 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20190320) | Nessus | Scientific Linux Local Security Checks | critical
122994 | RHEL 6 : firefox (RHSA-2019:0623) | Nessus | Red Hat Local Security Checks | critical
122993 | RHEL 7 : firefox (RHSA-2019:0622) | Nessus | Red Hat Local Security Checks | critical
122992 | Oracle Linux 6 : firefox (ELSA-2019-0623) | Nessus | Oracle Linux Local Security Checks | critical
122991 | Oracle Linux 7 : firefox (ELSA-2019-0622) | Nessus | Oracle Linux Local Security Checks | critical
122959 | FreeBSD : mozilla -- multiple vulnerabilities (05da6b56-3e66-4306-9ea3-89fafe939726) | Nessus | FreeBSD Local Security Checks | critical
122950 | Mozilla Firefox ESR < 60.6 | Nessus | Windows | critical
122949 | Mozilla Firefox ESR < 60.6 | Nessus | MacOS X Local Security Checks | critical
122948 | Mozilla Firefox < 66.0 | Nessus | Windows | critical
122947 | Mozilla Firefox < 66.0 | Nessus | MacOS X Local Security Checks | critical