NA

CVE-2019-17026

Vulnerability Summary

Mozilla Firefox could allow a remote malicious user to execute arbitrary code on the system, caused by a type confusion in IonMonkey JIT compiler due to “incorrect alias information for setting array elements. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Vulnerability Trend

Vendor Advisories

Debian Bug report logs - #948452 firefox: Please update to 7201 (and firefox-esr to 6841) because of CVE-2019-17026 Package: firefox; Maintainer for firefox is Maintainers of Mozilla-related packages <team+pkg-mozilla@trackerdebianorg>; Source for firefox is src:firefox (PTS, buildd, popcon) Reported by: jim_p <pits ...
Arch Linux Security Advisory ASA-202001-3 ========================================= Severity: Critical Date : 2020-01-10 CVE-ID : CVE-2019-17026 Package : firefox Type : arbitrary code execution Remote : Yes Link : securityarchlinuxorg/AVG-1085 Summary ======= The package firefox before version 7201-1 is vulnerable to arbi ...
A type confusion vulnerability has been found in Firefox before 7201 Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion with StoreElementHole and FallibleStoreElement Mozilla is aware of targeted attacks in the wild abusing this flaw ...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting For the oldstable distribution (stretch), this problem has been fixed in version 6841esr-1~deb9u1 For the stable distribution (buster), this problem has been fi ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4600-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff January 09, 2020 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2020-010-01) New mozilla-thunderbird packages are available for Slackware 142 and -current to fix security issues Here are the details from the Slackware 142 ChangeLog: +--------------------------+ patches/packages/mozilla-thunderbird-6841-i686-1_s ...

Github Repositories

Recent Articles

Mozilla rushes out patch for Firefox zero‑day
welivesecurity • Tomáš Foltýn • 09 Jan 2020

Mozilla has rolled out a new version of its Firefox web browser to address a critical zero-day vulnerability that has been abused for targeted attacks.
Details about the flaw and its exploitation are rather sparse, however. What little is known, according to Mozilla’s security advisory released on Wednesday, is that it is a type confusion error that resides in IonMonkey, the just-in-time (JIT) compiler for the browser’s SpiderMonkey JavaScript engine.
A warning from the United St...

Mozilla Updates Firefox Browser: Zero-Day Bug Patched, Fingerprinting Nixed
Threatpost • Tom Spring • 08 Jan 2020

UPDATE
Mozilla patched a critical vulnerability actively being exploited in the wild with its latest update to the Firefox browser.
Mozilla said in a security bulletin Wednesday that it was “aware of targeted attacks in the wild that were abusing the flaw. A successful attack “could make it possible for attackers who successfully exploit it to abuse affected systems,” according to Mozilla.
The disclosure came a day after Mozilla released its latest Firefox 72 browser on ...