CVE Vulnerabilities

CVE-2019-9805

Use of Uninitialized Resource

Published: Apr 26, 2019 | Modified: Feb 08, 2024
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66.

Weakness 

The product uses or accesses a resource that has not been initialized.

Affected Software 

Name Vendor Start Version End Version
Firefox Mozilla * 66.0 (excluding)
Firefox Ubuntu bionic *
Firefox Ubuntu cosmic *
Firefox Ubuntu devel *
Firefox Ubuntu disco *
Firefox Ubuntu eoan *
Firefox Ubuntu focal *
Firefox Ubuntu groovy *
Firefox Ubuntu hirsute *
Firefox Ubuntu impish *
Firefox Ubuntu jammy *
Firefox Ubuntu kinetic *
Firefox Ubuntu lunar *
Firefox Ubuntu mantic *
Firefox Ubuntu noble *
Firefox Ubuntu trusty *
Firefox Ubuntu upstream *
Firefox Ubuntu xenial *
Mozjs38 Ubuntu bionic *
Mozjs38 Ubuntu esm-apps/bionic *
Mozjs38 Ubuntu upstream *
Mozjs52 Ubuntu bionic *
Mozjs52 Ubuntu cosmic *
Mozjs52 Ubuntu disco *
Mozjs52 Ubuntu eoan *
Mozjs52 Ubuntu esm-apps/focal *
Mozjs52 Ubuntu esm-infra/bionic *
Mozjs52 Ubuntu focal *
Mozjs52 Ubuntu groovy *
Mozjs52 Ubuntu upstream *
Mozjs60 Ubuntu cosmic *
Mozjs60 Ubuntu disco *
Mozjs60 Ubuntu eoan *
Mozjs60 Ubuntu upstream *

Potential Mitigations 

References