Published: 23/07/2019 Updated: 15/08/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 8.3 | Impact Score: 3.7 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

A sandbox escape exists in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811)

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

USN-4054-1 caused some minor regressions in Firefox ...

In Firefox before 680, until explicitly accessed by script, windowglobalThis is not enumerable and, as a result, is not visible to code such as ObjectgetOwnPropertyNames(window) Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed ...

Mozilla Foundation Security Advisory 2019-21 Security vulnerabilities fixed in Firefox 68 Announced July 9, 2019 Impact critical Products Firefox Fixed in Firefox 68 ...

Mozilla Foundation Security Advisory 2019-28 Security vulnerabilities fixed in Thunderbird 68 Announced August 27, 2019 Impact critical Products Thunderbird Fixed in Thunderbird 68 ...

CWE-20 https://www.mozilla.org/security/advisories/mfsa2019-21/https://bugzilla.mozilla.org/show_bug.cgi?id=1552632 https://security.gentoo.org/glsa/201908-12 http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html https://nvd.nist.gov https://usn.ubuntu.com/4054-1/

CVE-2019-11716

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect