How severe is CVE-2019-9812?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.3 out of 10.

What type of vulnerability is CVE-2019-9812?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2019-9812

CRITICAL Year: 2019

CVSS v3 Score

9.3

Critical

CVSS v2 Score

5.8

Medium

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69.

CVE-2018-11284

CRITICAL

CVSS:9.3(Critical)

Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in version...

NVD-CWE-Other2018

CVE-2018-2623

CRITICAL

CVSS:9.3(Critical)

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Easily...

NVD-CWE-Other2018

CVE-2018-2739

CRITICAL

CVSS:9.3(Critical)

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Easi...

NVD-CWE-Other2018

CVE-2019-20606

CRITICAL

CVSS:9.3(Critical)

An issue was discovered on Samsung mobile devices with any (before May 2019) software. A phishing attack against OMACP can change the network and internet settings. The Samsung ID is SVE-2019-14073 (M...

NVD-CWE-Other2019

CVE-2019-2702

CRITICAL

CVSS:9.3(Critical)

Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: Web Service). The supported version that is affected is 8.0.80. Easily...

NVD-CWE-Other2019

CVE-2019-3020

CRITICAL

CVSS:9.3(Critical)

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 15.1.0-15.2.1...

NVD-CWE-Other2019

CVE-2019-9812

Vulnerability Description

Related Vulnerabilities

CVE-2018-11284

CVE-2018-2623

CVE-2018-2739

CVE-2019-20606

CVE-2019-2702

CVE-2019-3020