CVE-2019-9819 - Vulnerability Details

A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox Firefox Esr Thunderbird
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
firefox-0:60.7.0-1.el6_10	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:1267	2019-05-23T00:00:00Z
thunderbird-0:60.7.0-1.el6_10	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:1310	2019-06-03T00:00:00Z
Red Hat Enterprise Linux 7
firefox-0:60.7.0-1.el7_6	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:1265	2019-05-23T00:00:00Z
thunderbird-0:60.7.0-1.el7_6	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:1309	2019-06-03T00:00:00Z
Red Hat Enterprise Linux 8
firefox-0:60.7.0-1.el8_0	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:1269	2019-05-23T00:00:00Z
thunderbird-0:60.7.0-1.el8_0	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:1308	2019-06-03T00:00:00Z

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1532553
https://nvd.nist.gov/vuln/detail/CVE-2019-9819
https://www.cve.org/CVERecord?id=CVE-2019-9819
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819
https://www.mozilla.org/security/advisories/mfsa2019-13/
https://www.mozilla.org/security/advisories/mfsa2019-14/
https://www.mozilla.org/security/advisories/mfsa2019-15/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2019-07-23T13:23:43

Updated: 2024-08-04T22:01:54.971Z

Reserved: 2019-03-14T00:00:00

Link: CVE-2019-9819

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-23T14:15:17.357

Modified: 2024-11-21T04:52:22.440

Link: CVE-2019-9819

Redhat

Severity : Important

Publid Date: 2019-05-22T00:00:00Z

Links: CVE-2019-9819 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object