cvedb.io
CVE-2019-9802
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2019-04-26T17:29:03.163 · Last modified 2026-06-17T02:44:28.930

Summary

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data. This vulnerability affects Firefox < 66.

Affected products

mozilla — firefox

Does this affect you?

Add your gear to cvedb and we'll alert you only when mozilla ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.