CVE-2019-9816

🗓️ 23 Jul 2019 13:24:19Reported by mozillaType

cve🔗 web.nvd.nist.gov👁 291 Views🌐 WEB

CVE-2019-9816: Type confusion vulnerability in JavaScript object

Reporter	Title	Published	Views	Family All 134
IBM Security Bulletins	Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in busybox, arpwatch, apr, acpid, augeas, firefox, ctdb.	15 Dec 202107:41	–	ibm
IBM Security Bulletins	Security Bulletin: Synthetic Playback Agent 8.1.x is affected by multiple vulnerabilities	8 Aug 201909:37	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONAS	8 Jul 201908:00	–	ibm
0day.today	Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation Exploit	28 May 201900:00	–	zdt
FreeBSD	mozilla -- multiple vulnerabilities	21 May 201900:00	–	freebsd
Tenable Nessus	Mozilla Firefox < 67.0 Multiple Vulnerabilities	21 May 201900:00	–	nessus
Tenable Nessus	Mozilla Firefox ESR < 60.7 Multiple Vulnerabilities	21 May 201900:00	–	nessus
Tenable Nessus	Mozilla Thunderbird < 60.7 Multiple Vulnerabilities	21 May 201600:00	–	nessus
Tenable Nessus	CentOS 8 : firefox (CESA-2019:1269)	29 Jan 202100:00	–	nessus
Tenable Nessus	CentOS 7 : firefox (CESA-2019:1265)	30 May 201900:00	–	nessus

NVD

Vulners

Node

mozilla firefoxRange<67.0

mozilla firefox_esrRange<60.7

mozilla thunderbirdRange<60.7

[
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "60.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "67",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "60.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi
mozilla	www.mozilla.org/security/advisories/mfsa2019-15/
mozilla	www.mozilla.org/security/advisories/mfsa2019-14/
mozilla	www.mozilla.org/security/advisories/mfsa2019-13/

Parameter	Position	Path	Description	CWE
ObjectGroupDispatch	path	/mozilla/gecko-dev/blob/3ecf89da497cf1abe2a89d1b3c282b48e5dfac8c/js/src/vm/ObjectGroup.h#L87	Code path related to ObjectGroupDispatch and object group handling in ObjectGroup.h	CWE-843
UnboxedObject	path	/mozilla/gecko-dev/blob/3ecf89da497cf1abe2a89d1b3c282b48e5dfac8c/js/src/vm/ObjectGroup.h#L87	Code path related to ObjectGroupDispatch and object group handling in ObjectGroup.h	CWE-843
ObjectGroup	path	/mozilla/gecko-dev/blob/3ecf89da497cf1abe2a89d1b3c282b48e5dfac8c/js/src/vm/ObjectGroup.h#L87	Code path related to ObjectGroupDispatch and object group handling in ObjectGroup.h	CWE-843
ObjectGroupDispatch	path	/mozilla/gecko-dev/blob/3ecf89da497cf1abe2a89d1b3c282b48e5dfac8c/js/src/jit/IonBuilder.cpp#L4517	Inlining path for ObjectGroupDispatch in IonBuilder related to toString and ObjectGroup switches	CWE-843
toStringInlining	path	/mozilla/gecko-dev/blob/3ecf89da497cf1abe2a89d1b3c282b48e5dfac8c/js/src/jit/IonBuilder.cpp#L4517	Inlining path for ObjectGroupDispatch in IonBuilder related to toString and ObjectGroup switches	CWE-843
ObjectGroup	path	/mozilla/gecko-dev/blob/3ecf89da497cf1abe2a89d1b3c282b48e5dfac8c/js/src/jit/IonBuilder.cpp#L4517	Inlining path for ObjectGroupDispatch in IonBuilder related to toString and ObjectGroup switches	CWE-843
ObjectGroupDispatch	path	/mozilla/gecko-dev/blob/3ecf89da497cf1abe2a89d1b3c282b48e5dfac8c/js/src/jit/IonBuilder.cpp#L4923	Switch handling for ObjectGroupDispatch with potential missing default path	CWE-843
switch	path	/mozilla/gecko-dev/blob/3ecf89da497cf1abe2a89d1b3c282b48e5dfac8c/js/src/jit/IonBuilder.cpp#L4923	Switch handling for ObjectGroupDispatch with potential missing default path	CWE-843
ObjectGroup	path	/mozilla/gecko-dev/blob/3ecf89da497cf1abe2a89d1b3c282b48e5dfac8c/js/src/jit/IonBuilder.cpp#L4923	Switch handling for ObjectGroupDispatch with potential missing default path	CWE-843
UnboxedObject	path	/mozilla/gecko-dev/blob/3ecf89da497cf1abe2a89d1b3c282b48e5dfac8c/js/src/vm/UnboxedObject.cpp#L1416	UnboxedObject layout conversion may change ObjectGroup	CWE-843

21 Nov 2024 04:52Current

6Medium risk

Vulners AI Score6

CVSS 24.3

CVSS 35.9

EPSS0.11045

CWE-843