The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
References
Link | Resource |
---|---|
https://www.mozilla.org/security/advisories/mfsa2019-11/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2019-08/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2019-07/ | Vendor Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=1530958 | Exploit Issue Tracking Vendor Advisory |
https://access.redhat.com/errata/RHSA-2019:0966 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2019:1144 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2019-04-26 10:29
Updated : 2022-03-30 11:48
NVD link : CVE-2019-9791
Mitre link : CVE-2019-9791
JSON object : View
CWE
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
Products Affected
mozilla
- firefox_esr
- thunderbird
- firefox
redhat
- enterprise_linux
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_eus