Headline
CVE-2019-17026: Security Vulnerabilities fixed in Firefox 72.0.1 and Firefox ESR 68.4.1
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
Mozilla Foundation Security Advisory 2020-03
Announced
January 8, 2020
Impact
critical
Products
Firefox, Firefox ESR
Fixed in
- Firefox 72.0.1
- Firefox ESR 68.4.1
#CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
Reporter
Qihoo 360 ATA
Impact
critical
Description
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw.
References
- Bug 1607443