CVE-2019-9812

Published: 08/01/2020 Updated: 21/07/2021
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.3 | Impact Score: 5.8 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

In Firefox prior to 69.0, given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered.

Vulnerable Product

mozilla firefox

mozilla firefox esr

Vendor Advisories

USN-4122-1 caused a regression in Firefox ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, bypass of the same-origin policy, sandbox escape, information disclosure or denial of service. For the oldstable distribution (stretch), these problems have been fixed in version 60.9 ...
Synopsis: Critical: firefox security update. Type/Severity: Security Advisory: Critical. Topic: An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Critical: firefox security update. Type/Severity: Security Advisory: Critical. Topic: An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Critical: firefox security update. Type/Severity: Security Advisory: Critical. Topic: An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, wh ...
In Firefox before 69.0, given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the comprom ...
Mozilla Foundation Security Advisory 2019-26: Security vulnerabilities fixed in Firefox ESR 68.1. Announced: September 3, 2019. Impact: critical. Products: Firefox ESR. Fixed in: Firefox ESR 68.1 ...
Mozilla Foundation Security Advisory 2019-25: Security vulnerabilities fixed in Firefox 69. Announced: September 3, 2019. Impact: critical. Products: Firefox. Fixed in: Firefox 69 ...
Mozilla Foundation Security Advisory 2019-27: Security vulnerabilities fixed in Firefox ESR 60.9. Announced: September 3, 2019. Impact: high. Products: Firefox ESR. Fixed in: Firefox ESR 60.9 ...