ASA-2019-00430 – Mozilla Firefox and Thunderbird: Sandbox escape via installation of malicious language pack


Allele Security Alert

ASA-2019-00430

Identifier(s)

ASA-2019-00430, CVE-2019-9811, MFSA2019-21, MFSA2019-22, MFSA2019-23

Title

Sandbox escape via installation of malicious language pack

Vendor(s)

Mozilla Foundation

Product(s)

Mozilla Firefox
Mozilla Firefox ESR
Mozilla Thunderbird

Affected version(s)

Mozilla Firefox versions before 68
Mozilla Firefox ESR versions before 60.8
Mozilla Thunderbird versions before 60.8

Fixed version(s)

Mozilla Firefox version 68
Mozilla Firefox ESR version 60.8
Mozilla Thunderbird version 60.8

Proof of concept

Unknown

Description

As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation.

Technical details

Unknown

Credits

Niklas Baumstark

Reference(s)

Mozilla Foundation Security Advisory 2019-21
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-9811

Mozilla Foundation Security Advisory 2019-22
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-9811

Mozilla Foundation Security Advisory 2019-23
https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-9811

Bug 1538007
https://bugzilla.mozilla.org/show_bug.cgi?id=1538007

Restrict mozAddonManager’s special privileges to calls from the discovery pane
https://bugzilla.mozilla.org/show_bug.cgi?id=1539598

Bug 1539759
https://bugzilla.mozilla.org/show_bug.cgi?id=1539759

Convert aboutTelemetry.dtd to use Fluent instead
https://bugzilla.mozilla.org/show_bug.cgi?id=1523741

Bug 1563327
https://bugzilla.mozilla.org/show_bug.cgi?id=1563327

CVE-2019-9811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9811

CVE-2019-9811
https://nvd.nist.gov/vuln/detail/CVE-2019-9811

Last modified: July 23, 2019
