Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-9791

Опубликовано: 20 мар. 2019
Источник: redhat
CVSS3: 9.8

Описание

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

Отчет

In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

Ссылки на источники

Дополнительная информация

Статус:

Critical
Дефект:
CWE-843
https://bugzilla.redhat.com/show_bug.cgi?id=1690676Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey

9.8 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-9791

CVSS3: 9.8
ubuntu
почти 7 лет назад

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

nvd логотип

CVE-2019-9791

CVSS3: 9.8
nvd
почти 7 лет назад

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

debian логотип

CVE-2019-9791

CVSS3: 9.8
debian
почти 7 лет назад

The type inference system allows the compilation of functions that can ...

github логотип

GHSA-9r58-49jg-hrq7

CVSS3: 9.8
github
больше 3 лет назад

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

fstec логотип

BDU:2019-01557

CVSS3: 8.8
fstec
почти 7 лет назад

Уязвимость JIT-компилятора IonMonkey браузеров Firefox и Firefox ESR, связанная с ошибкой преобразования типов данных, позволяющая нарушителю оказать воздействие на целостность защищаемых данных

9.8 Critical

CVSS3