CVE-2019-9818high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
References
https://www.mozilla.org/security/advisories/mfsa2019-15/
https://www.mozilla.org/security/advisories/mfsa2019-14/
Details
Source: MITRE
Published: 2019-07-23
Updated: 2021-07-21
Type: CWE-362
Risk Information
CVSS v2
Base Score: 5.1
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 4.9
Severity: MEDIUM
CVSS v3
Base Score: 8.3
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Impact Score: 6
Exploitability Score: 1.6
Severity: HIGH
Vulnerable Software
Configuration 1
AND
OR
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 125809 | openSUSE Security Update : MozillaFirefox (openSUSE-2019-1534) | Nessus | SuSE Local Security Checks | critical |
| 125702 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:1405-1) | Nessus | SuSE Local Security Checks | critical |
| 125672 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:1388-1) | Nessus | SuSE Local Security Checks | critical |
| 125669 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1484) | Nessus | SuSE Local Security Checks | critical |
| 125363 | Mozilla Firefox ESR < 60.7 | Nessus | Windows | critical |
| 125362 | Mozilla Firefox ESR < 60.7 | Nessus | MacOS X Local Security Checks | critical |
| 125361 | Mozilla Firefox < 67.0 | Nessus | Windows | critical |
| 125360 | Mozilla Firefox < 67.0 | Nessus | MacOS X Local Security Checks | critical |
| 125359 | Mozilla Thunderbird < 60.7 | Nessus | Windows | critical |
| 125358 | Mozilla Thunderbird < 60.7 | Nessus | MacOS X Local Security Checks | critical |
| 125346 | FreeBSD : mozilla -- multiple vulnerabilities (44b6dfbf-4ef7-4d52-ad52-2b1b05d81272) | Nessus | FreeBSD Local Security Checks | critical |
| 700733 | Mozilla Firefox ESR < 60.7 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 700727 | Mozilla Firefox < 67.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 700742 | Mozilla Thunderbird < 60.7 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | high |