Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2019-9810

Published: 26/04/2019 Updated: 30/03/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 692
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Mozilla

Vulnerability Summary

It exists that Thunderbird allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. (CVE-2018-18506)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

mozilla firefox esr

mozilla thunderbird

redhat enterprise linux 8.0

redhat enterprise linux eus 8.1

redhat enterprise linux eus 8.2

redhat enterprise linux eus 8.4

redhat enterprise linux server aus 8.2

redhat enterprise linux server aus 8.4

redhat enterprise linux server tus 8.2

redhat enterprise linux server tus 8.4

Vendor Advisories

Debian Security Advisories: DSA-4417-1 firefox-esr -- security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code For the stable distribution (stretch), these problems have been fixed in version 6061esr-1~deb9u1 We recommend that you upgrade your firefox-esr packages For the detailed security status of firefox-esr ...
Ubuntu Security Notice: firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Ubuntu Security Notice: thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Amazon Linux 2: ALAS2-2019-1195
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow f ...
Arch Linux Issues:
An incorrect alias information in the IonMonkey JIT compiler of Firefox before 6601 for the Arrayprototypeslice method may lead to missing bounds check and a buffer overflow ...
Mozilla: Security vulnerabilities fixed in Thunderbird 60.6.1
Mozilla Foundation Security Advisory 2019-12 Security vulnerabilities fixed in Thunderbird 6061 Announced March 25, 2019 Impact critical Products Thunderbird Fixed in Thunderbird 6061 ...
Mozilla: Security vulnerabilities fixed in Firefox 60.6.1
Mozilla Foundation Security Advisory 2019-10 Security vulnerabilities fixed in Firefox 6061 Announced March 22, 2019 Impact critical Products Firefox ESR Fixed in Firefox ESR 6061 ...
Mozilla: Security vulnerabilities fixed in Firefox 66.0.1
Mozilla Foundation Security Advisory 2019-09 Security vulnerabilities fixed in Firefox 6601 Announced March 22, 2019 Impact critical Products Firefox Fixed in Firefox 6601 ...

Exploits

Exploit DB: Firefox < 66.0.1 - 'Array.prototype.slice' Buffer Overflow
&lt;script&gt; let size = 64; garr = []; j = 0; function gc(){ var tmp = []; for(let i = 0;i &lt; 0x20000;i++){ tmp[i] = new Uint32Array(size * 2); for(let j = 0;j &lt; (size*2);j+=2){ tmp[i][j] = 0x12345678; tmp[i][j+1] = 0xfffe0123; } } garr[j++] = tmp; } let arr = [{},22]; let obj = {}; obj[Symbolspecies] = function(){ vi ...
Exploit DB: Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack
// Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download ~ githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47752zip // 0:000&gt; ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 85724947 = 00000000`051c0f13 const XulsAutomationPrefIsSet = 0x051c0f13n; // 0:000&gt; ? xul!disabledForTest - xul ...

Github Repositories

https://github.com/mgaudet/SpiderMonkeyBibliography

The Unofficial Incomplete Spidermonkey Bibliography

A collection of links to published articles, blog posts, talks, and other important pieces of history of the SpiderMonkey JavaScript engine The goal is try to collect together much of what has been written about SpiderMonkey across the internet This includes research done atop SpiderMonkey, as well as techniques and advances within the engine Annotations 🏚 Obsolete: Code

https://github.com/0vercl0k/CVE-2019-11708

Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.

Full chain exploit for CVE-2019-11708 &amp; CVE-2019-9810 This is a full browser compromise exploit chain (CVE-2019-11708 &amp; CVE-2019-9810) targeting Firefox on Windows 64-bit It uses CVE-2019-9810 for getting code execution in both the content process as well as the parent process and CVE-2019-11708 to trick the parent process into browsing to an arbitrary URL

https://github.com/xuechiyaobai/CVE-2019-9810-PoC

Array.prototype.slice wrong alias information.

CVE-2019-9810-PoC Arrayprototypeslice wrong alias information This bug I was found last year And it was collision with @fluoroacetate in p2o 2019 It was fixed in firefox 6601

https://github.com/0vercl0k/CVE-2019-9810

Exploit for CVE-2019-9810 Firefox on Windows 64-bit.

CVE-2019-9810 Exploit for Firefox on Windows CVE-2019-9810 is a vulnerability that has been found and exploited at Pwn2Own 2019 by Richard Zhu and Amat Cama It affects Mozilla's JavaScript engine, Spidermonkey and was used to achieve renderer compromise The issue has been fixed in mfsa2019-09 about two months ago

https://github.com/hyperupcall/stars

Edwin's stars.

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ANTLR ASL Ada Assembly AutoHotkey Awk Ballerina Batchfile Bicep Blade Brainfuck C C# C++ CMake CSS CUE Clojure CodeQL CoffeeScript Common Lisp Coq Crystal Cuda Cython D Dart Dhall Dockerfile Elixir Emacs Lisp Erlang F# F* Fennel Forth Fortran Frege GDScript Gherkin Go Groovy HCL HTML Haml Handle

https://github.com/tunnelshade/cve-2019-11707

https://bugs.chromium.org/p/project-zero/issues/detail?id=1820

SpiderMonkey - CVE-2019-11707 Bug: bugschromiumorg/p/project-zero/issues/detail?id=1820 Screenshots Files exploitjs - Actual exploit, prepended by saelo's utiljs &amp; Int64js stagerjs - Used for creating constants, prepended by saelo's utiljs &amp; Int64js stagerpy - Used to assemble instructions using keystone Output is fed to stagerj

https://github.com/a0viedo/demystifying-js-engines

A list of resources about JavaScript engines

This is a list of resources I used to learn about virtual machines in general, from an architecture point of view to optimizations and garbage collection strategies I've also put together some parts into a talk format, you can see the video here (slides) Contributions are very welcome! Table of Contents generated with DocToc Virtual machines JavaScript Engines V8 J

References

CWE-119https://www.mozilla.org/security/advisories/mfsa2019-12/https://www.mozilla.org/security/advisories/mfsa2019-10/https://www.mozilla.org/security/advisories/mfsa2019-09/https://bugzilla.mozilla.org/show_bug.cgi?id=1537924https://access.redhat.com/errata/RHSA-2019:0966https://access.redhat.com/errata/RHSA-2019:1144http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.htmlhttps://nvd.nist.govhttps://www.debian.org/security/2019/dsa-4417https://usn.ubuntu.com/3919-1/https://www.exploit-db.com/exploits/46605https://usn.ubuntu.com/3927-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook