Severity
8.3 HIGH
EPSS
0.7%
top 28.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 23
Latest update: May 24
Description
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 6.0
Affected Packages: 12 packages
Also affects: Debian Linux 8.0
Patches
🔴 Vulnerability Details (6)
GHSA
GHSA-63j5-535g-4392: As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feat (2022-05-24)
CVEList
CVE-2019-9811: As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feat (2019-07-23)
OSV
CVE-2019-9811: As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feat (2019-07-23)
📋 Vendor Advisories (5)
Debian
CVE-2019-9811: firefox - As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape b... (2019)
💬 Community (1)
Bugzilla