CVE-2019-9802

CVE-2019-9802

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data. This vulnerability affects Firefox < 66.

Source: CVE-2019-9802

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다