CVE-2019-9816

MEDIUM Year: 2019
CVSS v3 Score
5.9
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-843
View all →

Vulnerability Description

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Related Vulnerabilities

CVE-2025-21225

MEDIUM
CVSS:5.9(Medium)

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

CWE-8432025

CVE-2022-34709

MEDIUM
CVSS:6.0(Medium)

Windows Defender Credential Guard Security Feature Bypass Vulnerability

CWE-8432022

CVE-2021-23443

MEDIUM
CVSS:6.1(Medium)

This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), e...

CWE-8432021

CVE-2021-23447

MEDIUM
CVSS:6.1(Medium)

This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).

CWE-8432021

CVE-2021-23472

MEDIUM
CVSS:6.1(Medium)

This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array...

CWE-8432021

CVE-2024-40788

MEDIUM
CVSS:6.2(Medium)

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS ...

CWE-8432024