CVE-2019-9816

EPSS 6.2%

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Affected products

Mozilla · Firefox Mozilla · Firefox ESR Mozilla · Thunderbird

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/46940unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1536768 https://www.mozilla.org/security/advisories/mfsa2019-13/https://www.mozilla.org/security/advisories/mfsa2019-14/https://www.mozilla.org/security/advisories/mfsa2019-15/