8.8
CVSSv3

CVE-2019-17026

Published: 02/03/2020 Updated: 12/03/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Mozilla Firefox could allow a remote malicious user to execute arbitrary code on the system, caused by a type confusion in IonMonkey JIT compiler due to “incorrect alias information for setting array elements. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Vulnerability Trend

Vendor Advisories

Debian Bug report logs - #948452 firefox: Please update to 7201 (and firefox-esr to 6841) because of CVE-2019-17026 Package: firefox; Maintainer for firefox is Maintainers of Mozilla-related packages <team+pkg-mozilla@trackerdebianorg>; Source for firefox is src:firefox (PTS, buildd, popcon) Reported by: jim_p <pits ...
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vul ...
Arch Linux Security Advisory ASA-202001-3 ========================================= Severity: Critical Date : 2020-01-10 CVE-ID : CVE-2019-17026 Package : firefox Type : arbitrary code execution Remote : Yes Link : securityarchlinuxorg/AVG-1085 Summary ======= The package firefox before version 7201-1 is vulnerable to arbi ...
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability ...
A type confusion vulnerability has been found in Firefox before 7201 Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion with StoreElementHole and FallibleStoreElement Mozilla is aware of targeted attacks in the wild abusing this flaw ...
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or information disclosure For the oldstable distribution (stretch), these problems have been fixed in version 1:6841-1~deb9u1 For the stable distribution (buster), these problems have been fixed in version 1:6841-1~deb10u1 ...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting For the oldstable distribution (stretch), this problem has been fixed in version 6841esr-1~deb9u1 For the stable distribution (buster), this problem has been fi ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Several security issues were fixed in Thunderbird ...
Arch Linux Security Advisory ASA-202001-4 ========================================= Severity: Critical Date : 2020-01-14 CVE-ID : CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 Package : thunderbird Type : multiple issues Remote : Yes Link : securityarchlinuxorg/AVG-1086 Summary ======= ...
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule This could allow for injection into certain types of websites resulting in data exfiltration This vulnerability affects Firefox ESR < 684 and Firefox < 72 (CVE-2019-17016 ) Mozilla developers reported memo ...
Several security issues were fixed in Thunderbird ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2020-010-01) New mozilla-thunderbird packages are available for Slackware 142 and -current to fix security issues Here are the details from the Slackware 142 ChangeLog: +--------------------------+ patches/packages/mozilla-thunderbird-6841-i686-1_s ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4603-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff January 17, 2020 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4600-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff January 09, 2020 wwwdebianorg/security/faq ...

Github Repositories

Script in PowerShell to detect vulnerable versions of Mozilla Firefox in a Windows domain.

Mozilla Firefox Vulnerability Scanner for Domain Description: Script in PowerShell to detect vulnerable versions of Mozilla Firefox in a Windows domain CVEs: CVE-2019-17026 and previous Considerations: Well configured WinRM on remote machines Well configured firewall rules Allow ping to remote machines from the Domain Controller Run the script with the Unrestricted or Byp

An exploit for CVE-2019-17026. It pops xcalc and was tested on Ubuntu (x64).

CVE-2019-17026 - A Firefox JIT bug Original bug caught in the wild by Qihoo 360 Exploit written by maxpl0it Works on Firefox < 7201 This is an exploit for CVE-2190-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement This exploit does not use a sandbox escape, so for testing the securitysandboxcontentlevel attribute in about:config need

Recent Articles

IT threat evolution Q1 2020. Statistics
Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Oleg Kupreev Evgeny Lopatin Alexey Kulaev • 20 May 2020

These statistics are based on detection verdicts for Kaspersky products received from users who consented to providing statistical data.
According to Kaspersky Security Network,
Q1 2020 will be remembered primarily for the coronavirus pandemic and cybercriminals’ exploitation of the topic. In particular, the creators of a new modification of the Ginp banking trojan renamed their malware Coronavirus Finder and then began offering it for €0.75 disguised as an app supposedly capable...

Mozilla rushes out patch for Firefox zero‑day
welivesecurity • Tomáš Foltýn • 09 Jan 2020

Mozilla has rolled out a new version of its Firefox web browser to address a critical zero-day vulnerability that has been abused for targeted attacks.
Details about the flaw and its exploitation are rather sparse, however. What little is known, according to Mozilla’s security advisory released on Wednesday, is that it is a type confusion error that resides in IonMonkey, the just-in-time (JIT) compiler for the browser’s SpiderMonkey JavaScript engine.
A warning from the United St...

Mozilla Updates Firefox Browser: Zero-Day Bug Patched, Fingerprinting Nixed
Threatpost • Tom Spring • 08 Jan 2020

UPDATE
Mozilla patched a critical vulnerability actively being exploited in the wild with its latest update to the Firefox browser.
Mozilla said in a security bulletin Wednesday that it was “aware of targeted attacks in the wild that were abusing the flaw. A successful attack “could make it possible for attackers who successfully exploit it to abuse affected systems,” according to Mozilla.
The disclosure came a day after Mozilla released its latest Firefox 72 browser on ...