CVE-2019-9810

EPSS 29.5%

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.

Affected products

Mozilla · Firefox Mozilla · Firefox ESR Mozilla · Thunderbird

public PoCs found — 5

githubgithub.com/0vercl0k/CVE-2019-9810★ 228 githubgithub.com/xuechiyaobai/CVE-2019-9810-PoC★ 67 cve_referencepacketstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.htmlunverified exploitdbwww.exploit-db.com/exploits/46605unverified exploitdbwww.exploit-db.com/exploits/47752unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.html https://access.redhat.com/errata/RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:1144 https://bugzilla.mozilla.org/show_bug.cgi?id=1537924 https://www.mozilla.org/security/advisories/mfsa2019-09/https://www.mozilla.org/security/advisories/mfsa2019-10/https://www.mozilla.org/security/advisories/mfsa2019-12/