PT-2020-1288 · Mozilla+5 · Firefox+7
Tjr · Published 2020-01-08 · Updated 2025-09-29
CVE-2019-17026
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 72.0.1
Firefox ESR versions prior to 68.4.1
Thunderbird versions prior to 68.4.1
Description
The issue is related to a type confusion vulnerability in the IonMonkey JIT compiler, which could allow a remote attacker to gain access to confidential data, compromise data integrity, and cause a denial of service using a specially crafted web page. There have been targeted attacks in the wild abusing this flaw. The vulnerability can be exploited by tricking users into visiting a malicious site, potentially allowing remote attackers to take complete control over computers.
Recommendations
For Firefox versions prior to 72.0.1, update to version 72.0.1 or later.
For Firefox ESR versions prior to 68.4.1, update to version 68.4.1 or later.
For Thunderbird versions prior to 68.4.1, update to version 68.4.1 or later.
As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied.
Exploit · Fix · Type Confusion
Affected Products
ALT Linux
CentOS
Firefox
Firefox ESR
Red Hat
SUSE
Thunderbird
Ubuntu