⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2019-9810Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer14 documents11 sources
Severity
8.8HIGHNVD
EPSS
71.6%
top 1.27%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
7
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+4 more
Timeline
PublishedApr 26
Latest updateMay 24

Description

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

CVEListV5mozilla/firefoxunspecified66.0.1
NVDmozilla/firefox< 60.6.1+1
CVEListV5mozilla/firefox_esrunspecified60.6.1
CVEListV5mozilla/thunderbirdunspecified60.6.1
NVDmozilla/thunderbird< 60.6.1

Also affects: Enterprise Linux 8.0, 8.1, 8.2, 8.4

🔴Vulnerability Details

6
GHSA
GHSA-j339-cxg8-wjf2: Incorrect alias information in IonMonkey JIT compiler for Array2022-05-24
OSV
CVE-2019-9810: Incorrect alias information in IonMonkey JIT compiler for Array2019-04-26
CVEList
CVE-2019-9810: Incorrect alias information in IonMonkey JIT compiler for Array2019-04-26
OSV
thunderbird vulnerabilities2019-03-28
VulnCheck
Mozilla Firefox Improper Restriction of Operations within the Bounds of a Memory Buffer2019

💥Exploits & PoCs

2
Exploit-DB
Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack2019-12-07
Exploit-DB
Firefox < 66.0.1 - 'Array.prototype.slice' Buffer Overflow2019-03-26

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2019-03-28
Ubuntu
Firefox vulnerabilities2019-03-25
Red Hat
Mozilla: IonMonkey MArraySlice has incorrect alias information2019-03-22
Debian
CVE-2019-9810: firefox - Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice ...2019

💬Community

1
Bugzilla
CVE-2019-9810 Mozilla: IonMonkey MArraySlice has incorrect alias information2019-03-24
CVE-2019-9810 — Mozilla Firefox vulnerability | cvebase