CVE-2019-17026
CVSS v3.1
8.8 (High)
CVSS v2.0
6.8 (Medium)
EPSS
47.10 % (98th)
Affected Products
4
Advisories
31
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
Weaknesses
- CWE-843
- Access of Resource Using Incompatible Type ('Type Confusion')
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2020-03-02 05:15:12
(4 years ago) - Updated Date
-
2022-11-16 03:00:36
(22 months ago)
Mozilla Firefox And Thunderbird Type Confusion Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
- Description
- Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements.
- Required Action
- Apply updates per vendor instructions.
- Known to be Used in Ransomware Campaigns
- Unknown
- Notes
- https://nvd.nist.gov/vuln/detail/CVE-2019-17026
- Vendor
- Mozilla
- Product
- Firefox and Thunderbird
- In CISA Catalog from
-
2021-11-03
(2 years ago) - Due Date
-
2022-05-03
(2 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...