CVE-2019-9793
Published: 20 March 2019
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Notes
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
bionic |
Released
(66.0+build3-0ubuntu0.18.04.1)
|
cosmic |
Released
(66.0+build3-0ubuntu0.18.10.1)
|
|
disco |
Released
(66.0+build3-0ubuntu1)
|
|
eoan |
Released
(66.0+build3-0ubuntu1)
|
|
focal |
Released
(66.0+build3-0ubuntu1)
|
|
groovy |
Released
(66.0+build3-0ubuntu1)
|
|
hirsute |
Released
(66.0+build3-0ubuntu1)
|
|
impish |
Released
(66.0+build3-0ubuntu1)
|
|
jammy |
Released
(66.0+build3-0ubuntu1)
|
|
kinetic |
Released
(66.0+build3-0ubuntu1)
|
|
lunar |
Released
(66.0+build3-0ubuntu1)
|
|
trusty |
Released
(66.0.1+build1-0ubuntu0.14.04.1)
|
|
upstream |
Released
(66.0)
|
|
xenial |
Released
(66.0+build3-0ubuntu0.16.04.2)
|
|
mozjs38 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
mozjs52 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
cosmic |
Ignored
(reached end-of-life)
|
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
mozjs60 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Ignored
(reached end-of-life)
|
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
thunderbird Launchpad, Ubuntu, Debian |
bionic |
Released
(1:60.6.1+build2-0ubuntu0.18.04.1)
|
cosmic |
Released
(1:60.6.1+build2-0ubuntu0.18.10.1)
|
|
disco |
Released
(60.6.1+build2-0ubuntu1)
|
|
eoan |
Released
(60.6.1+build2-0ubuntu1)
|
|
focal |
Released
(60.6.1+build2-0ubuntu1)
|
|
groovy |
Released
(60.6.1+build2-0ubuntu1)
|
|
hirsute |
Released
(60.6.1+build2-0ubuntu1)
|
|
impish |
Released
(60.6.1+build2-0ubuntu1)
|
|
jammy |
Released
(60.6.1+build2-0ubuntu1)
|
|
kinetic |
Released
(60.6.1+build2-0ubuntu1)
|
|
lunar |
Released
(60.6.1+build2-0ubuntu1)
|
|
trusty |
Released
(1:60.6.1+build2-0ubuntu0.14.04.1)
|
|
upstream |
Released
(60.6)
|
|
xenial |
Released
(1:60.6.1+build2-0ubuntu0.16.04.1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.9 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9793
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9793
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9793
- https://ubuntu.com/security/notices/USN-3918-1
- https://ubuntu.com/security/notices/USN-3918-2
- https://ubuntu.com/security/notices/USN-3927-1
- NVD
- Launchpad
- Debian