Описание
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 66.0+build3-0ubuntu0.18.04.1 |
| cosmic | released | 66.0+build3-0ubuntu0.18.10.1 |
| devel | released | 66.0+build3-0ubuntu1 |
| disco | released | 66.0+build3-0ubuntu1 |
| eoan | released | 66.0+build3-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [66.0.1+build1-0ubuntu0.14.04.1]] |
| esm-infra/focal | DNE | |
| focal | released | 66.0+build3-0ubuntu1 |
| groovy | released | 66.0+build3-0ubuntu1 |
| hirsute | released | 66.0+build3-0ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/bionic | ignored | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| cosmic | ignored | end of life |
| devel | DNE | |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/focal | ignored | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | ignored | |
| focal | ignored | |
| groovy | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| cosmic | ignored | end of life |
| devel | DNE | |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:60.6.1+build2-0ubuntu0.18.04.1 |
| cosmic | released | 1:60.6.1+build2-0ubuntu0.18.10.1 |
| devel | released | 60.6.1+build2-0ubuntu1 |
| disco | released | 60.6.1+build2-0ubuntu1 |
| eoan | released | 60.6.1+build2-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:60.6.1+build2-0ubuntu0.14.04.1]] |
| esm-infra/focal | DNE | |
| focal | released | 60.6.1+build2-0ubuntu1 |
| groovy | released | 60.6.1+build2-0ubuntu1 |
| hirsute | released | 60.6.1+build2-0ubuntu1 |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
The type inference system allows the compilation of functions that can ...
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Уязвимость JIT-компилятора IonMonkey браузеров Firefox и Firefox ESR, связанная с ошибкой преобразования типов данных, позволяющая нарушителю оказать воздействие на целостность защищаемых данных
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3