CVE-2019-9816 log

Source
Severity High
Remote Yes
Type Access restriction bypass
Description
A possible vulnerability exists in Firefox before 67.0 and Thunderbird before 60.7.0, where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note that this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.
Group Package Affected Fixed Severity Status Ticket
AVG-966 firefox 66.0.5-1 67.0-1 Critical Fixed
AVG-965 thunderbird 60.6.1-2 60.7.0-1 Critical Fixed
Date Advisory Group Package Severity Type
23 May 2019 ASA-201905-9 AVG-966 firefox Critical multiple issues
23 May 2019 ASA-201905-8 AVG-965 thunderbird Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9816
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9816
https://bugzilla.mozilla.org/show_bug.cgi?id=1536768