Ubuntu.comUB:CVE-2019-9793CVE-2019-9793
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
0.006 Low
EPSS
Percentile
78.6%
A mechanism was discovered that removes some bounds checking for string,
array, or typed array accesses if Spectre mitigations have been disabled.
This vulnerability could allow an attacker to create an arbitrary value in
compiled JavaScript, for which the range analysis will infer a fully
controlled, incorrect range in circumstances where users have explicitly
disabled Spectre mitigations. Note: Spectre mitigations are currently
enabled for all users by default settings.. This vulnerability affects
Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Notes
| Author | Note |
|---|---|
| tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | firefox | < 66.0+build3-0ubuntu0.18.04.1 | UNKNOWN |
| ubuntu | 18.10 | noarch | firefox | < 66.0+build3-0ubuntu0.18.10.1 | UNKNOWN |
| ubuntu | 19.04 | noarch | firefox | < 66.0+build3-0ubuntu1 | UNKNOWN |
| ubuntu | 19.10 | noarch | firefox | < 66.0+build3-0ubuntu1 | UNKNOWN |
| ubuntu | 20.04 | noarch | firefox | < 66.0+build3-0ubuntu1 | UNKNOWN |
| ubuntu | 20.10 | noarch | firefox | < 66.0+build3-0ubuntu1 | UNKNOWN |
| ubuntu | 21.04 | noarch | firefox | < 66.0+build3-0ubuntu1 | UNKNOWN |
| ubuntu | 21.10 | noarch | firefox | < 66.0+build3-0ubuntu1 | UNKNOWN |
| ubuntu | 22.04 | noarch | firefox | < 66.0+build3-0ubuntu1 | UNKNOWN |
| ubuntu | 22.10 | noarch | firefox | < 66.0+build3-0ubuntu1 | UNKNOWN |
References
launchpad.net/bugs/cve/CVE-2019-9793
nvd.nist.gov/vuln/detail/CVE-2019-9793
security-tracker.debian.org/tracker/CVE-2019-9793
ubuntu.com/security/notices/USN-3918-1
ubuntu.com/security/notices/USN-3918-2
ubuntu.com/security/notices/USN-3927-1
www.cve.org/CVERecord?id=CVE-2019-9793
www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9793
www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9793
www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9793
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
0.006 Low
EPSS
Percentile
78.6%