← back
CVE-2019-9792

CVE-2019-9792

EPSS 13.2%
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Affected products
Mozilla · FirefoxMozilla · Firefox ESRMozilla · Thunderbird
public PoCs found2
cve_referencepacketstormsecurity.com/files/153106/Spidermonkey-IonMonkey-JS_OPTIMIZED_OUT-Value-Leak.htmlunverifiedexploitdbwww.exploit-db.com/exploits/46939unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/153106/Spidermonkey-IonMonkey-JS_OPTIMIZED_OUT-Value-Leak.htmlhttps://access.redhat.com/errata/RHSA-2019:0966https://access.redhat.com/errata/RHSA-2019:1144https://bugzilla.mozilla.org/show_bug.cgi?id=1532599https://www.mozilla.org/security/advisories/mfsa2019-07/https://www.mozilla.org/security/advisories/mfsa2019-08/https://www.mozilla.org/security/advisories/mfsa2019-11/