What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2019-9816.

What is the severity of CVE-2019-9816?

The severity of CVE-2019-9816 is high.

What is the affected software?

The affected software is Mozilla Firefox and Mozilla Thunderbird.

How can I fix CVE-2019-9816?

To fix CVE-2019-9816, update Mozilla Firefox and Mozilla Thunderbird to version 67.0+ or higher.

Where can I find more information about CVE-2019-9816?

You can find more information about CVE-2019-9816 at the following references: [Reference 1](https://bugzilla.mozilla.org/show_bug.cgi?id=1536768), [Reference 2](https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/), [Reference 3](https://www.mozilla.org/security/advisories/mfsa2019-13/).

Vulnerability/
CVE-2019-9816

medium

5.9

CWE

843

21/5/2019

23/7/2019

4/8/2024

CVE-2019-9816

First published: Tue May 21 2019(Updated: )

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with `UnboxedObjects`, which are disabled by default on all supported releases.* External Reference: <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816">https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816</a>

Credit: security@mozilla.org security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Thunderbird	<60.7	60.7
Mozilla Firefox ESR	<60.7	60.7
Mozilla Firefox	<67	67
Mozilla Firefox	<67.0
Mozilla Firefox ESR	<60.7
Mozilla Thunderbird	<60.7
debian/firefox		132.0.2-1
debian/firefox-esr		115.14.0esr-1~deb11u1 128.4.0esr-1~deb11u1 128.3.1esr-1~deb12u1 128.4.0esr-1~deb12u1 128.3.1esr-2 128.4.0esr-1
debian/thunderbird		1:115.12.0-1~deb11u1 1:128.4.3esr-1~deb11u1 1:115.16.0esr-1~deb12u1 1:128.4.0esr-1~deb12u1 1:128.4.2esr-1 1:128.4.3esr-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-9816.
What is the severity of CVE-2019-9816?
The severity of CVE-2019-9816 is high.
What is the affected software?
The affected software is Mozilla Firefox and Mozilla Thunderbird.
How can I fix CVE-2019-9816?
To fix CVE-2019-9816, update Mozilla Firefox and Mozilla Thunderbird to version 67.0+ or higher.
Where can I find more information about CVE-2019-9816?
You can find more information about CVE-2019-9816 at the following references: [Reference 1](https://bugzilla.mozilla.org/show_bug.cgi?id=1536768), [Reference 2](https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/), [Reference 3](https://www.mozilla.org/security/advisories/mfsa2019-13/).

agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-9816
agent/author
collector/mozilla-advisory
source/Mozilla
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/description
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
collector/nvd-index
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/mozilla
canonical/mozilla thunderbird
canonical/mozilla firefox esr
canonical/mozilla firefox
package-manager/debian