Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2019-9816 — Type Confusion in Mozilla Firefox
Severity
5.9MEDIUMNVD
OSV9.8
EPSS
38.2%
top 2.76%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJul 23
Latest updateMay 24
Description
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6
Affected Packages12 packages
🔴Vulnerability Details
6GHSA▶
GHSA-w463-rqrr-mc27: A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of se↗2022-05-24
OSV▶
CVE-2019-9816: A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of se↗2019-07-23
💥Exploits & PoCs
1Exploit-DB
▶