CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
99.2%
Severity: Critical
Date : 2019-04-06
CVE-ID : CVE-2019-9810 CVE-2019-9813
Package : thunderbird
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-947
The package thunderbird before version 60.6.1-1 is vulnerable to
arbitrary code execution.
Upgrade to 60.6.1-1.
The problems have been fixed upstream in version 60.6.1.
None.
An incorrect alias information in the IonMonkey JIT compiler of Firefox
before 66.0.1 and Thunderbird before 60.6.1 for the
Array.prototype.slice method may lead to missing bounds check and a
buffer overflow.
An incorrect handling of proto mutations may lead to type confusion
in the IonMonkey JIT code of Firefox before 66.0.1 and Thunderbird
before 60.6.1, and can be leveraged for arbitrary memory read and
write.
A remote attacker can execute arbitrary code on the affected host.
https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810
https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9810
https://bugzilla.mozilla.org/show_bug.cgi?id=1537924
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813
https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9813
https://bugzilla.mozilla.org/show_bug.cgi?id=1538006
https://security.archlinux.org/CVE-2019-9810
https://security.archlinux.org/CVE-2019-9813
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | thunderbird | < 60.6.1-1 | UNKNOWN |
bugzilla.mozilla.org/show_bug.cgi?id=1537924
bugzilla.mozilla.org/show_bug.cgi?id=1538006
security.archlinux.org/AVG-947
security.archlinux.org/CVE-2019-9810
security.archlinux.org/CVE-2019-9813
www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810
www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813
www.mozilla.org/en-US/security/advisories/mfsa2019-12/
www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9810
www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9813
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
99.2%