PT-2019-4613 · Mozilla+5 · Firefox Esr+7

Nils

·

Published

2019-03-19

·

Updated

2024-12-12

·

CVE-2019-9795

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 60.6 Firefox ESR versions prior to 60.6 Firefox versions prior to 66
Description The issue is related to a type-confusion problem in the IonMonkey just-in-time compiler. It can be exploited by a remote attacker using a specially crafted JavaScript object, potentially leading to a crash.
Recommendations For Thunderbird versions prior to 60.6, update to version 60.6 or later. For Firefox ESR versions prior to 60.6, update to version 60.6 or later. For Firefox versions prior to 66, update to version 66 or later.

Exploit

Fix

Assertion Failure

Type Confusion

Incorrect Type Conversion or Cast

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-617CWE-843CWE-704

Related Identifiers

ALT-PU-2019-1486
ALT-PU-2019-1497
ALT-PU-2019-1561
ALT-PU-2019-2324
ALT-PU-2019-2486
BDU:2020-00747
CESA-2019_0622
CESA-2019_0623
CESA-2019_0680
CESA-2019_0681
CESA-2019_0966
CESA-2019_1144
CVE-2019-9795
DLA-1722-1
DLA-1743-1
DSA-4411-1
DSA-4420-1
MGASA-2019-0116
MGASA-2019-0129
OPENSUSE-SU-2019:1077-1
OPENSUSE-SU-2019:1126-1
OPENSUSE-SU-2019:1162-1
OPENSUSE-SU-2019_1056-1
OPENSUSE-SU-2019_1077-1
OPENSUSE-SU-2019_1162-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
RHSA-2019:0622
RHSA-2019:0623
RHSA-2019:0680
RHSA-2019:0681
RHSA-2019:0966
RHSA-2019:1144
RHSA-2019_0622
RHSA-2019_0623
RHSA-2019_0680
RHSA-2019_0681
RHSA-2019_0966
RHSA-2019_1144
SUSE-SU-2019:0852-1
SUSE-SU-2019:0853-1
SUSE-SU-2019:0871-1
USN-3918-1
USN-3918-2
USN-3918-3
USN-3918-4
USN-3927-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu