CVE-2019-9811

Summary

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 60.8affected
MozillaFirefoxunspecified < 68affected
MozillaThunderbirdunspecified < 60.8affected

Weaknesses

  • Sandbox escape via installation of malicious language pack

ADP Enrichment

CVE Program Container

Additional References

References