CVE-2019-9793
published 2019-04-26CVE-2019-9793: A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This…
PriorityP430medium5.9CVSS 3.0
AVNACHPRNUINSUCNIHAN
EPSS
1.63%
73.3th percentile
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 66.0-1 (sid) | firefox 66.0-1 (sid) |
| debian | firefox-esr | < firefox 66.0-1 (sid) | firefox 66.0-1 (sid) |
| debian | thunderbird | < firefox 66.0-1 (sid) | firefox 66.0-1 (sid) |
| mozilla | firefox | < 66.0 | 66.0 |
| mozilla | firefox | >= 0 < 66.0.2+build1-0ubuntu0.14.04.1 | 66.0.2+build1-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 66.0.3+build1-0ubuntu0.14.04.1 | 66.0.3+build1-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 66.0.1+build1-0ubuntu0.14.04.1 | 66.0.1+build1-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 66.0.2+build1-0ubuntu0.16.04.1 | 66.0.2+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 66.0.3+build1-0ubuntu0.16.04.1 | 66.0.3+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 66.0+build3-0ubuntu0.16.04.2 | 66.0+build3-0ubuntu0.16.04.2 |
| mozilla | firefox | >= 0 < 66.0.2+build1-0ubuntu0.18.04.1 | 66.0.2+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 66.0.3+build1-0ubuntu0.18.04.1 | 66.0.3+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 66.0+build3-0ubuntu0.18.04.1 | 66.0+build3-0ubuntu0.18.04.1 |
| mozilla | firefox | >= unspecified < 66 | 66 |
| mozilla | firefox_esr | < 60.6 | 60.6 |
| mozilla | firefox_esr | >= unspecified < 60.6 | 60.6 |
| mozilla | thunderbird | < 60.6 | 60.6 |
| mozilla | thunderbird | >= 0 < 1:60.6.1-1 | 1:60.6.1-1 |
| mozilla | thunderbird | >= 0 < 1:60.6.1-1 | 1:60.6.1-1 |
| mozilla | thunderbird | >= 0 < 1:60.6.1-1 | 1:60.6.1-1 |
| mozilla | thunderbird | >= 0 < 1:60.6.1-1 | 1:60.6.1-1 |
| mozilla | thunderbird | >= 0 < 1:60.6.1+build2-0ubuntu0.14.04.1 | 1:60.6.1+build2-0ubuntu0.14.04.1 |
| mozilla | thunderbird | >= 0 < 1:60.6.1+build2-0ubuntu0.16.04.1 | 1:60.6.1+build2-0ubuntu0.16.04.1 |
| mozilla | thunderbird | >= 0 < 1:60.6.1+build2-0ubuntu0.18.04.1 | 1:60.6.1+build2-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= unspecified < 60.6 | 60.6 |
CVSS provenance
nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_redhat7.5HIGH
vendor_debian5.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w86v-mv97-qh72: A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled
ghsa_unreviewed·2022-05-24
CVE-2019-9793 [MEDIUM] CWE-119 GHSA-w86v-mv97-qh72: A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
OSV
CVE-2019-9793: A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled
osv·2019-04-26·CVSS 5.9
CVE-2019-9793 [MEDIUM] CVE-2019-9793: A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
OSV
firefox regressions
osv·2019-04-16·CVSS 9.8
[CRITICAL] firefox regressions
firefox regressions
USN-3918-1 fixed vulnerabilities in Firefox. The update caused web
compatibility and performance issues with some websites. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, denial of service via successive FTP authorization prompts or modal
alerts, trick the user with confusing permission request prompts, obtain
sensitive information, conduct social engineering attacks, or execute
arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790,
CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9
OSV
firefox regression
osv·2019-03-28·CVSS 9.8
[CRITICAL] firefox regression
firefox regression
USN-3918-1 fixed vulnerabilities in Firefox. The update caused web
compatibility issues with some websites. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, denial of service via successive FTP authorization prompts or modal
alerts, trick the user with confusing permission request prompts, obtain
sensitive information, conduct social engineering attacks, or execute
arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790,
CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797,
CVE-2019-979
OSV
thunderbird vulnerabilities
osv·2019-03-28·CVSS 5.9
CVE-2018-18506 [MEDIUM] thunderbird vulnerabilities
thunderbird vulnerabilities
It was discovered that Thunderbird allowed PAC files to specify that
requests to localhost are sent through the proxy to another server. If
proxy auto-detection is enabled, an attacker could potentially exploit
this to conduct attacks on local services and tools. (CVE-2018-18506)
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
or execute arbitrary code. (CVE-2019-9788, CVE-2019-9790, CVE-2019-9791,
CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813)
A mechanism was discovered that removes some bounds checking for string,
array, or typed array accesses if Spectre mitiga
OSV
firefox vulnerabilities
osv·2019-03-25·CVSS 9.8
[CRITICAL] firefox vulnerabilities
firefox vulnerabilities
USN-3918-1 fixed vulnerabilities in Firefox. This update provides the
corresponding updates for Ubuntu 14.04 LTS.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, denial of service via successive FTP authorization prompts or modal
alerts, trick the user with confusing permission request prompts, obtain
sensitive information, conduct social engineering attacks, or execute
arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790,
CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797,
CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-
OSV
firefox vulnerabilities
osv·2019-03-21·CVSS 9.8
CVE-2019-9788 [CRITICAL] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, denial of service via successive FTP authorization prompts or modal
alerts, trick the user with confusing permission request prompts, obtain
sensitive information, conduct social engineering attacks, or execute
arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790,
CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797,
CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807,
CVE-2019-9808, CVE-2019-9809)
A mechanism was discovered that removes some bounds checking for string,
array, or typed array accesses if
Ubuntu
Firefox regressions
vendor_ubuntu·2019-04-16·CVSS 9.8
[CRITICAL] Firefox regressions
Title: Firefox regressions
Summary: USN-3918-1 caused a regression in Firefox.
USN-3918-1 fixed vulnerabilities in Firefox. The update caused web
compatibility and performance issues with some websites. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, denial of service via successive FTP authorization prompts or modal
alerts, trick the user with confusing permission request prompts, obtain
sensitive information, conduct social engineering attacks, or execute
arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790,
CVE-2019-9
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2019-03-28·CVSS 5.9
CVE-2018-18506 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
It was discovered that Thunderbird allowed PAC files to specify that
requests to localhost are sent through the proxy to another server. If
proxy auto-detection is enabled, an attacker could potentially exploit
this to conduct attacks on local services and tools. (CVE-2018-18506)
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
or execute arbitrary code. (CVE-2019-9788, CVE-2019-9790, CVE-2019-9791,
CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813)
A mechanism was discovered that removes some bounds c
Ubuntu
Firefox regression
vendor_ubuntu·2019-03-28·CVSS 9.8
[CRITICAL] Firefox regression
Title: Firefox regression
Summary: USN-3918-1 caused a regression in Firefox.
USN-3918-1 fixed vulnerabilities in Firefox. The update caused web
compatibility issues with some websites. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, denial of service via successive FTP authorization prompts or modal
alerts, trick the user with confusing permission request prompts, obtain
sensitive information, conduct social engineering attacks, or execute
arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790,
CVE-2019-9791, CVE-2019-979
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2019-03-25·CVSS 9.8
CVE-2019-9788 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
USN-3918-1 fixed vulnerabilities in Firefox. This update provides the
corresponding updates for Ubuntu 14.04 LTS.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, denial of service via successive FTP authorization prompts or modal
alerts, trick the user with confusing permission request prompts, obtain
sensitive information, conduct social engineering attacks, or execute
arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790,
CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797,
CVE-2
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2019-03-21·CVSS 9.8
CVE-2019-9788 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, denial of service via successive FTP authorization prompts or modal
alerts, trick the user with confusing permission request prompts, obtain
sensitive information, conduct social engineering attacks, or execute
arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790,
CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797,
CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807,
CVE-2019-9808, CVE-2019-9809)
A mechanism was discovered that removes so
Red Hat
Mozilla: Improper bounds checks when Spectre mitigations are disabled
vendor_redhat·2019-03-20·CVSS 5.9
CVE-2019-9793 [MEDIUM] CWE-119 Mozilla: Improper bounds checks when Spectre mitigations are disabled
Mozilla: Improper bounds checks when Spectre mitigations are disabled
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Debian
CVE-2019-9793: firefox - A mechanism was discovered that removes some bounds checking for string, array, ...
vendor_debian·2019·CVSS 5.9
CVE-2019-9793 [MEDIUM] CVE-2019-9793: firefox - A mechanism was discovered that removes some bounds checking for string, array, ...
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Scope: local
sid: resolved (fixed in 66.0-1)
Red Hat
struts: DoS attack via crafted XML payload processed by REST Plugin using XStream library
vendor_redhat·2017-09-05·CVSS 7.5
CVE-2017-9793 [HIGH] CWE-20 struts: DoS attack via crafted XML payload processed by REST Plugin using XStream library
struts: DoS attack via crafted XML payload processed by REST Plugin using XStream library
The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.
A flaw was found in the Struts REST plugin when using an outdated XStream library. An attacker could perform a denial of service attack using a malicious request with specially crafted XML payload.
Statement: A previous statement by Red Hat related to this CVE, prior to August 2019, said that Apache Struts 2 is not included in any Red Hat products. This earlier statement was incorrect. While Struts 2 is not actively compiled, shipped, used, or enabled in any Red Hat prov
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-9793 Mozilla: Improper bounds checks when Spectre mitigations are disabled
bugzilla·2019-03-20·CVSS 5.9
CVE-2019-9793 [MEDIUM] CVE-2019-9793 Mozilla: Improper bounds checks when Spectre mitigations are disabled
CVE-2019-9793 Mozilla: Improper bounds checks when Spectre mitigations are disabled
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations.
*Note: Spectre mitigations are currently enabled for all users by default settings.*
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9793
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Bruno Keith & Niklas Baumstark (the phoenhex team)
---
This issue
Bugzilla
CVE-2017-9793 struts: DoS attack via crafted XML payload processed by REST Plugin using XStream library
bugzilla·2017-09-05·CVSS 7.5
CVE-2017-9793 [HIGH] CVE-2017-9793 struts: DoS attack via crafted XML payload processed by REST Plugin using XStream library
CVE-2017-9793 struts: DoS attack via crafted XML payload processed by REST Plugin using XStream library
The REST Plugin is using outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.
Affected versions:
Struts 2.3.7 - Struts 2.3.33, Struts 2.5 - Struts 2.5.12
External References:
https://struts.apache.org/docs/s2-051.html
Discussion:
Created struts tracking bugs for this issue:
Affects: epel-7 [bug 1488487]
Affects: fedora-all [bug 1488488]
---
Statement:
A previous statement by Red Hat related to this CVE, prior to August 2019, said that Apache Struts 2 is not included in any Red Hat products. This earlier statement was incorrect. While Struts 2 is not actively compiled, shipped, used, or enabled i
https://access.redhat.com/errata/RHSA-2019:0966https://access.redhat.com/errata/RHSA-2019:1144https://bugzilla.mozilla.org/show_bug.cgi?id=1528829https://www.mozilla.org/security/advisories/mfsa2019-07/https://www.mozilla.org/security/advisories/mfsa2019-08/https://www.mozilla.org/security/advisories/mfsa2019-11/https://access.redhat.com/errata/RHSA-2019:0966https://access.redhat.com/errata/RHSA-2019:1144https://bugzilla.mozilla.org/show_bug.cgi?id=1528829https://www.mozilla.org/security/advisories/mfsa2019-07/https://www.mozilla.org/security/advisories/mfsa2019-08/https://www.mozilla.org/security/advisories/mfsa2019-11/
2019-04-26
Published