CVE-2019-9793
Mozilla: Improper bounds checks when Spectre mitigations are disabled
Public Exploits: 0
Exploited in Wild: -
Descriptions
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.* This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Timeline
- 2019-03-14 CVE Reserved
- 2019-03-20 CVE Published
- 2024-04-19 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (7)
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2019:0966 | 2019-05-13 | |
https://access.redhat.com/errata/RHSA-2019:1144 | 2019-05-13 | |
https://www.mozilla.org/security/advisories/mfsa2019-07 | 2019-05-13 | |
https://www.mozilla.org/security/advisories/mfsa2019-08 | 2019-05-13 | |
https://www.mozilla.org/security/advisories/mfsa2019-11 | 2019-05-13 | |
https://access.redhat.com/security/cve/CVE-2019-9793 | 2019-05-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1690678 | 2019-05-13 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Mozilla | Firefox | < 66.0 | - | Affected |
Mozilla | Firefox ESR | < 60.6 | - | Affected |
Mozilla | Thunderbird | < 60.6 | - | Affected |