Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-9802

Опубликовано: 26 апр. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data. This vulnerability affects Firefox < 66.

РелизСтатусПримечание
bionic

released

66.0+build3-0ubuntu0.18.04.1
cosmic

released

66.0+build3-0ubuntu0.18.10.1
devel

released

66.0+build3-0ubuntu1
disco

released

66.0+build3-0ubuntu1
eoan

released

66.0+build3-0ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [66.0.1+build1-0ubuntu0.14.04.1]]
esm-infra/focal

DNE

focal

released

66.0+build3-0ubuntu1
groovy

released

66.0+build3-0ubuntu1
hirsute

released

66.0+build3-0ubuntu1

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

ignored

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
cosmic

ignored

end of life
devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-apps/focal

ignored

esm-infra-legacy/trusty

DNE

esm-infra/bionic

ignored

focal

ignored

groovy

ignored

end of life

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

ignored

end of life
devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 44%
0.00212
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2019-9802

CVSS3: 7.5
nvd
почти 7 лет назад

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data. This vulnerability affects Firefox < 66.

debian логотип

CVE-2019-9802

CVSS3: 7.5
debian
почти 7 лет назад

If a Sandbox content process is compromised, it can initiate an FTP do ...

github логотип

GHSA-r3xx-53c7-m93v

github
больше 3 лет назад

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data. This vulnerability affects Firefox < 66.

fstec логотип

BDU:2020-00593

CVSS3: 7.5
fstec
почти 7 лет назад

Уязвимость браузера Firefox, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 44%
0.00212
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Уязвимость CVE-2019-9802