An incorrect alias information in the IonMonkey JIT compiler of Firefox before 66.0.1 for the Array.prototype.slice method may lead to missing bounds check and a buffer overflow.
An incorrect alias information in the IonMonkey JIT compiler of Firefox before 66.0.1 for the Array.prototype.slice method may lead to missing bounds check and a buffer overflow.
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810 https://bugzilla.mozilla.org/show_bug.cgi?id=1537924