---

CVE-2019-9816 - log back

CVE-2019-9816 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Remote
Type	+ Access restriction bypass
Description	+ A possible vulnerability exists in Firefox before 67.0 and Thunderbird before 60.7.0, where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note that this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9816 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9816 + https://bugzilla.mozilla.org/show_bug.cgi?id=1536768
Notes