[MFSA-2019-09] Security vulnerabilities fixed in Firefox 66.0.1
Severity
Critical
Affected Packages
1
Fixed Packages
1
CVEs
2
CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information (critical)
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.CVE-2019-9813: Ionmonkey type confusion with proto mutations (critical)
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.
Package | Affected Version |
---|---|
pkg:mozilla/Firefox | < 66.0.1 |
Package | Fixed Version |
---|---|
pkg:mozilla/Firefox | = 66.0.1 |
- ID
- MFSA-2019-09
- Severity
- critical
- URL
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-09
- Published
-
2019-03-22T00:00:00
(5 years ago) - Modified
-
2019-03-22T00:00:00
(5 years ago) - Other Advisories
-
- ALAS2-2019-1195
- ALPINE:CVE-2019-9810
- ALPINE:CVE-2019-9813
- ASA-201903-14
- ASA-201904-4
- DSA-4417-1
- ELSA-2019-0671
- ELSA-2019-0672
- ELSA-2019-0680
- ELSA-2019-0681
- ELSA-2019-0966
- ELSA-2019-1144
- GLSA-201904-07
- MFSA-2019-10
- MFSA-2019-12
- openSUSE-SU-2019:1077-1
- openSUSE-SU-2019:1126-1
- openSUSE-SU-2019:1162-1
- RHSA-2019:0671
- RHSA-2019:0672
- RHSA-2019:0680
- RHSA-2019:0681
- RHSA-2019:0966
- RHSA-2019:1144
- SSA:2019-081-01
- SUSE-SU-2019:0852-1
- SUSE-SU-2019:0853-1
- SUSE-SU-2019:0871-1
- USN-3919-1
- USN-3927-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1537924 | https://bugzilla.mozilla.org/show_bug.cgi?id=1537924 | |
Bugzilla | 1538006 | https://bugzilla.mozilla.org/show_bug.cgi?id=1538006 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |