CVE-2019-9812
Published 2020-01-08
Priority P336 · critical · 9.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
EPSS
1.30%
67.0th percentile
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 69.0-1 (sid) | firefox 69.0-1 (sid) |
| debian | firefox-esr | < firefox 69.0-1 (sid) | firefox 69.0-1 (sid) |
| mozilla | firefox | < 60.9 | 60.9 |
| mozilla | firefox | < 69.0 | 69.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 69.0+build2-0ubuntu0.16.04.4 | 69.0+build2-0ubuntu0.16.04.4 |
| mozilla | firefox | >= 0 < 69.0.2+build1-0ubuntu0.16.04.1 | 69.0.2+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 69.0+build2-0ubuntu0.18.04.1 | 69.0+build2-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 69.0.2+build1-0ubuntu0.18.04.1 | 69.0.2+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 61.0 < 68.1 | 68.1 |
| mozilla | firefox_esr | — | — |
| mozilla | firefox_esr | — | — |
CVSS provenance
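| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.3 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.3 | CRITICAL | — |
| vendor_redhat | — | 9.3 | CRITICAL | — |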
GHSA
GHSA-jh9w-r6qf-jxc5: Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts
ghsa_unreviewed·2022-05-24
CVE-2019-9812 [MEDIUM] CWE-20 GHSA-jh9w-r6qf-jxc5: Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts
OSV
CVE-2019-9812: Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts
osv·2020-01-08·CVSS 9.3
CVE-2019-9812 [CRITICAL] CVE-2019-9812: Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts
OSV
firefox regression
osv·2019-10-08·CVSS 9.8
[CRITICAL] firefox regression
USN-4122-1 fixed vulnerabilities in Firefox. The update caused a
regression that resulted in a crash when changing YouTube playback speed
in some circumstances. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, C
OSV
firefox vulnerabilities
osv·2019-09-04·CVSS 9.8
CVE-2019-5849 [CRITICAL] firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748,
CVE-2019-11749, CVE-2019-11750, CVE-2019-11752)
It was discovered that a compromised content process could log in to a
malicious Firefox Sync account. An attacker could potentially exploit
this, in combination with anothe
Ubuntu
Firefox regression
vendor_ubuntu·2019-10-08·CVSS 9.8
[CRITICAL] Firefox regression
Title: Firefox regression
Summary: USN-4122-1 caused a regression in Firefox.
USN-4122-1 fixed vulnerabilities in Firefox. The update caused a
regression that resulted in a crash when changing YouTube playback speed
in some circumstances. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2019-09-04·CVSS 9.8
CVE-2019-5849 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748,
CVE-2019-11749, CVE-2019-11750, CVE-2019-11752)
It was discovered that a compromised content process could lo
Red Hat
Mozilla: Sandbox escape through Firefox Sync
vendor_redhat·2019-09-03·CVSS 9.3
CVE-2019-9812 [CRITICAL] CWE-250 Mozilla: Sandbox escape through Firefox Sync
Package: firefox (Red Hat Enterprise Linux 5) - Out of support scope
Debian
CVE-2019-9812: firefox - Given a compromised sandboxed content process due to a separate vulnerability, i...
vendor_debian·2019·CVSS 9.3
CVE-2019-9812 [CRITICAL] CVE-2019-9812: firefox - Given a compromised sandboxed content process due to a separate vulnerability, i...
Scope: local
sid: resolved (fixed in 69.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-9812 Mozilla: Sandbox escape through Firefox Sync
bugzilla·2019-09-04·CVSS 9.3
CVE-2019-9812 [CRITICAL] CVE-2019-9812 Mozilla: Sandbox escape through Firefox Sync
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading `accounts.firefox.com` in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-9812
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Niklas Baumstark via TrendMicro's Zero Day Initiative
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:2663 https:/
Bugzilla
Firefox 69.0 is available
bugzilla·2019-09-03·CVSS 9.8
CVE-2019-11751 [CRITICAL] Firefox 69.0 is available
Description of problem:
Firefox 69.0 is available
Version-Release number of selected component (if applicable):
69.0
Additional info:
Release Notes: https://www.mozilla.org/en-US/firefox/69.0/releasenotes/
Security Advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/
Security
- CVE-2019-11751: Malicious code execution through command line parameters
- CVE-2019-11746: Use-after-free while manipulating video
- CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
- CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
- CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
- CVE-2019-11753: Privilege escalation with Mozilla Maint
- https://bugzilla.mozilla.org/show_bug.cgi?id=1538008
- https://bugzilla.mozilla.org/show_bug.cgi?id=1538015
- https://www.mozilla.org/security/advisories/mfsa2019-25/
- https://www.mozilla.org/security/advisories/mfsa2019-26/
- https://www.mozilla.org/security/advisories/mfsa2019-27/