PT-2019-1899 · Mozilla+5 · Firefox Esr+7
Samuel Groß
·
Published
2019-03-19
·
Updated
2024-12-12
·
CVE-2019-9791
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 66
Firefox ESR versions prior to 60.6
Thunderbird versions prior to 60.6
Description
The issue is related to the IonMonkey just-in-time (JIT) compiler, which allows for type confusions between arbitrary objects when compiled and when the constructor function is entered through on-stack replacement (OSR). This can lead to possible arbitrary reading and writing of objects during an exploitable crash. The vulnerability is associated with a type conversion error when accessing arbitrary objects during compilation.
Recommendations
For Firefox versions prior to 66, update to version 66 or later.
For Firefox ESR versions prior to 60.6, update to version 60.6 or later.
For Thunderbird versions prior to 60.6, update to version 60.6 or later.
Exploit
Fix
Type Confusion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu