First published: Tue Mar 19 2019(Updated: )
If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack.
Credit: security@mozilla.org security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | <66 | 66 |
Mozilla Firefox | <66.0 | |
debian/firefox | 133.0.3-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2019-9809 is a vulnerability that allows for a denial of service (DOS) attack by triggering a series of modal alert messages through invalid credentials or locations when the source for resources on a page is through an FTP connection.
Mozilla Firefox versions up to and excluding 66.0, as well as Ubuntu and Debian packages of Firefox versions up to and excluding 66.0, are affected by CVE-2019-9809.
CVE-2019-9809 has a severity rating of high with a CVSS score of 7.5.
To fix CVE-2019-9809, upgrade to Mozilla Firefox version 66.0 or later, or update your Ubuntu or Debian Firefox package to version 66.0 or later.
More information about CVE-2019-9809 can be found at the following references: [Bugzilla #1282430](https://bugzilla.mozilla.org/show_bug.cgi?id=1282430), [Bugzilla #1523249](https://bugzilla.mozilla.org/show_bug.cgi?id=1523249), [Mozilla Security Advisories MFSB2019-07](https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/).