Vulnerability Description
If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack. This vulnerability affects Firefox < 66.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 66.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1282430ExploitIssue TrackingPatch
- https://bugzilla.mozilla.org/show_bug.cgi?id=1523249Issue TrackingPermissions RequiredVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-07/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1282430ExploitIssue TrackingPatch
- https://bugzilla.mozilla.org/show_bug.cgi?id=1523249Issue TrackingPermissions RequiredVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-07/Vendor Advisory
FAQ
What is CVE-2019-9809?
CVE-2019-9809 is a vulnerability with a CVSS score of 7.5 (HIGH). If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messa...
How severe is CVE-2019-9809?
CVE-2019-9809 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-9809?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.