CVE-2019-9800

HIGH

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540166%2C1534593%2C1546327%2C1540136%2C1538736%2C1538042%2C1535612%2C1499719%2C1499108%2C1538619%2C1535194%2C1516325%2C1542324%2C1542097%2C1532465%2C1533554%2C1541580

https://www.mozilla.org/security/advisories/mfsa2019-13/

https://www.mozilla.org/security/advisories/mfsa2019-14/

https://www.mozilla.org/security/advisories/mfsa2019-15/

Details

Source: MITRE

Published: 2019-07-23

Updated: 2019-07-26

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (53 total)

IDNameProductFamilySeverity
145688CentOS 8 : firefox (CESA-2019:1269)NessusCentOS Local Security Checks
high
145630CentOS 8 : thunderbird (CESA-2019:1308)NessusCentOS Local Security Checks
high
128698NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0178)NessusNewStart CGSL Local Security Checks
critical
128691NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0175)NessusNewStart CGSL Local Security Checks
critical
127589Oracle Linux 8 : thunderbird (ELSA-2019-1308)NessusOracle Linux Local Security Checks
high
127587Oracle Linux 8 : firefox (ELSA-2019-1269)NessusOracle Linux Local Security Checks
high
127459NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0169)NessusNewStart CGSL Local Security Checks
high
127455NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0167)NessusNewStart CGSL Local Security Checks
high
127439NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0159)NessusNewStart CGSL Local Security Checks
high
127438NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0158)NessusNewStart CGSL Local Security Checks
high
127305NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0088)NessusNewStart CGSL Local Security Checks
high
127304NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0087)NessusNewStart CGSL Local Security Checks
high
125948Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Firefox regression (USN-3991-3)NessusUbuntu Local Security Checks
high
125901Amazon Linux 2 : thunderbird (ALAS-2019-1229)NessusAmazon Linux Local Security Checks
high
125809openSUSE Security Update : MozillaFirefox (openSUSE-2019-1534)NessusSuSE Local Security Checks
high
125803CentOS 6 : thunderbird (CESA-2019:1310)NessusCentOS Local Security Checks
high
125802CentOS 7 : thunderbird (CESA-2019:1309)NessusCentOS Local Security Checks
high
125766Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : firefox regression (USN-3991-2)NessusUbuntu Local Security Checks
high
125716Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190604)NessusScientific Linux Local Security Checks
high
125715Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190604)NessusScientific Linux Local Security Checks
high
125702SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:1405-1)NessusSuSE Local Security Checks
high
125692RHEL 6 : thunderbird (RHSA-2019:1310)NessusRed Hat Local Security Checks
high
125691RHEL 7 : thunderbird (RHSA-2019:1309)NessusRed Hat Local Security Checks
high
125690RHEL 8 : thunderbird (RHSA-2019:1308)NessusRed Hat Local Security Checks
high
125689Oracle Linux 6 : thunderbird (ELSA-2019-1310)NessusOracle Linux Local Security Checks
high
125688Oracle Linux 7 : thunderbird (ELSA-2019-1309)NessusOracle Linux Local Security Checks
high
125672SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:1388-1)NessusSuSE Local Security Checks
high
125669openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1484)NessusSuSE Local Security Checks
high
125554CentOS 6 : firefox (CESA-2019:1267)NessusCentOS Local Security Checks
high
125553CentOS 7 : firefox (CESA-2019:1265)NessusCentOS Local Security Checks
high
125545Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Thunderbird vulnerabilities (USN-3997-1)NessusUbuntu Local Security Checks
high
125449Scientific Linux Security Update : firefox on SL7.x x86_64 (20190524)NessusScientific Linux Local Security Checks
high
125447Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190523)NessusScientific Linux Local Security Checks
high
125444Oracle Linux 6 : firefox (ELSA-2019-1267)NessusOracle Linux Local Security Checks
high
125443Oracle Linux 7 : firefox (ELSA-2019-1265)NessusOracle Linux Local Security Checks
high
125415Debian DSA-4451-1 : thunderbird - security updateNessusDebian Local Security Checks
high
125412Debian DLA-1806-1 : thunderbird security updateNessusDebian Local Security Checks
high
125385RHEL 8 : firefox (RHSA-2019:1269)NessusRed Hat Local Security Checks
high
125383RHEL 6 : firefox (RHSA-2019:1267)NessusRed Hat Local Security Checks
high
125382RHEL 7 : firefox (RHSA-2019:1265)NessusRed Hat Local Security Checks
high
125374Debian DLA-1800-1 : firefox-esr security updateNessusDebian Local Security Checks
high
125363Mozilla Firefox ESR < 60.7NessusWindows
high
125362Mozilla Firefox ESR < 60.7NessusMacOS X Local Security Checks
high
125361Mozilla Firefox < 67.0NessusWindows
high
125360Mozilla Firefox < 67.0NessusMacOS X Local Security Checks
high
125359Mozilla Thunderbird < 60.7NessusWindows
high
125358Mozilla Thunderbird < 60.7NessusMacOS X Local Security Checks
high
125346FreeBSD : mozilla -- multiple vulnerabilities (44b6dfbf-4ef7-4d52-ad52-2b1b05d81272)NessusFreeBSD Local Security Checks
high
125343Debian DSA-4448-1 : firefox-esr - security updateNessusDebian Local Security Checks
high
125339Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Firefox vulnerabilities (USN-3991-1)NessusUbuntu Local Security Checks
high
700733Mozilla Firefox ESR < 60.7 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
700727Mozilla Firefox < 67.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
700742Mozilla Thunderbird < 60.7 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
high