CVE-2019-9810

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 66.0.1 Firefox ESR versions prior to 60.6.1 Thunderbird versions prior to 60.6.1

Description The issue is related to incorrect alias information in the IonMonkey JIT compiler for the Array.prototype.slice method, which may lead to a missing bounds check and a buffer overflow. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Firefox versions prior to 66.0.1, update to version 66.0.1 or later. For Firefox ESR versions prior to 60.6.1, update to version 60.6.1 or later. For Thunderbird versions prior to 60.6.1, update to version 60.6.1 or later.