CVE-2019-9800

CRITICAL

Firefox < 67.0 and Firefox ESR < 60.7 - Out-of-bounds Write

Title source: llm

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

References (4)

Core 4

Core References

Vendor Advisory x_refsource_misc

https://www.mozilla.org/security/advisories/mfsa2019-13/

Vendor Advisory x_refsource_misc

https://www.mozilla.org/security/advisories/mfsa2019-15/

Vendor Advisory x_refsource_misc

https://www.mozilla.org/security/advisories/mfsa2019-14/

Permissions Required x_refsource_misc

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540166%2C1534593%2C1546327%2C1540136%2C1538736%2C1538042%2C1535612%2C1499719%2C1499108%2C1538619%2C1535194%2C1516325%2C1542324%2C1542097%2C1532465%2C1533554%2C1541580

Scores

CVSS v3 9.8

EPSS 0.0054

EPSS Percentile 67.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (3)

mozilla/firefox < 67.0

mozilla/firefox_esr < 60.7

mozilla/thunderbird < 60.7

Published Jul 23, 2019

Tracked Since Feb 18, 2026