CVE-2019-9793
Description
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.402
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Mozilla Firefox (66.0) | Windows |
| Mozilla Firefox ESR (60.6.0) | Windows |
| Mozilla Firefox (x64) (66.0) | Windows |
| Mozilla Firefox ESR (x64) (60.6.0) | Windows |
| Mozilla Thunderbird (60.6.0) | Windows |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (66.0.5) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (66.0) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (66.0.1) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (66.0.2) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (66.0.3) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (66.0.4) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Thunderbird For Mac (60.6.0) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Thunderbird For Mac (60.6.1) | Mac |
| Multiple Vulnerabilities are affected in Firefox ESR for Mac 60.5.0 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 60.5.0 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 65.0.2 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 60.5.1 | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 60.6 | Mac |
| (RHSA-2019:1144) thunderbird security update thunderbird-60.6.1-1.el8.x86_64.rpm | Linux |
| (RHSA-2019:1144) thunderbird security update thunderbird-debugsource-60.6.1-1.el8.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-309247 | Mozilla Firefox (66.0) |
| PATCH-309248 | Mozilla Firefox ESR (60.6.0) |
| PATCH-309249 | Mozilla Firefox (x64) (66.0) |
| PATCH-309250 | Mozilla Firefox ESR (x64) (60.6.0) |
| PATCH-309259 | Mozilla Thunderbird (60.6.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-611353 | Mozilla Thunderbird For Mac (128.12.0) |
| PATCH-611353 | Mozilla Thunderbird For Mac (128.12.0) |
| PATCH-611808 | Mozilla Firefox ESR for MAC 128.14.0 |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611807 | Mozilla Thunderbird For Mac (142.0) |
| PATCH-612783 | Mozilla Firefox For Mac (145.0.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234