CVE-2019-9791
published 2019-04-26CVE-2019-9791: The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 66.0-1 (sid) | firefox 66.0-1 (sid) |
| debian | firefox-esr | < firefox 66.0-1 (sid) | firefox 66.0-1 (sid) |
| debian | thunderbird | < firefox 66.0-1 (sid) | firefox 66.0-1 (sid) |
| mozilla | firefox | < 60.6.0 | 60.6.0 |
| mozilla | firefox | < 66.0 | 66.0 |
| mozilla | firefox | >= 0 < 66.0.2+build1-0ubuntu0.14.04.1 | 66.0.2+build1-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 66.0.3+build1-0ubuntu0.14.04.1 | 66.0.3+build1-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 66.0.1+build1-0ubuntu0.14.04.1 | 66.0.1+build1-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 66.0.2+build1-0ubuntu0.16.04.1 | 66.0.2+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 66.0.3+build1-0ubuntu0.16.04.1 | 66.0.3+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 66.0+build3-0ubuntu0.16.04.2 | 66.0+build3-0ubuntu0.16.04.2 |
| mozilla | firefox | >= 0 < 66.0.2+build1-0ubuntu0.18.04.1 | 66.0.2+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 66.0.3+build1-0ubuntu0.18.04.1 | 66.0.3+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 66.0+build3-0ubuntu0.18.04.1 | 66.0+build3-0ubuntu0.18.04.1 |
| mozilla | firefox | >= unspecified < 66 | 66 |
| mozilla | firefox_esr | >= unspecified < 60.6 | 60.6 |
| mozilla | thunderbird | < 60.6.0 | 60.6.0 |
| mozilla | thunderbird | >= 0 < 1:60.6.1-1 | 1:60.6.1-1 |
| mozilla | thunderbird | >= 0 < 1:60.6.1-1 | 1:60.6.1-1 |
| mozilla | thunderbird | >= 0 < 1:60.6.1-1 | 1:60.6.1-1 |
| mozilla | thunderbird | >= 0 < 1:60.6.1-1 | 1:60.6.1-1 |
| mozilla | thunderbird | >= 0 < 1:60.6.1+build2-0ubuntu0.14.04.1 | 1:60.6.1+build2-0ubuntu0.14.04.1 |
| mozilla | thunderbird | >= 0 < 1:60.6.1+build2-0ubuntu0.16.04.1 | 1:60.6.1+build2-0ubuntu0.16.04.1 |
| mozilla | thunderbird | >= 0 < 1:60.6.1+build2-0ubuntu0.18.04.1 | 1:60.6.1+build2-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= unspecified < 60.6 | 60.6 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL