Vulnerability Details : CVE-2019-9795
A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Products affected by CVE-2019-9795
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-9795
0.89%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-9795
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-9795
-
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.Assigned by: nvd@nist.gov (Primary)
-
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-9795
-
https://access.redhat.com/errata/RHSA-2019:0966
RHSA-2019:0966 - Security Advisory - Red Hat Customer Portal
-
https://www.mozilla.org/security/advisories/mfsa2019-08/
Security vulnerabilities fixed in Firefox ESR 60.6 — MozillaVendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1514682
Access DeniedIssue Tracking;Permissions Required;Vendor Advisory
-
https://access.redhat.com/errata/RHSA-2019:1144
RHSA-2019:1144 - Security Advisory - Red Hat Customer Portal
-
https://www.mozilla.org/security/advisories/mfsa2019-11/
Security vulnerabilities fixed in Thunderbird 60.6 — MozillaVendor Advisory
-
https://www.mozilla.org/security/advisories/mfsa2019-07/
Security vulnerabilities fixed in Firefox 66 — MozillaVendor Advisory
Jump to