在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
CVE-2019-9812Mozilla Firefox 安全漏洞 发布时间:2019-09-03类型:CANstatus:Candidatephase:Assigned 漏洞描述Mozilla Firefox等都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。Mozilla Thunderbird是一套从Mozilla Application Suite独立出来的电子邮件客户端软件。 Mozilla Firefox 69之前版本、Mozilla Firefox ESR 68.1之前版本和Firefox ESR 60.9之前版本中存在输入验证错误漏洞。攻击者可利用该漏洞造成沙盒逃逸。Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69. 参考文献
|
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论