Mozilla Foundation Security Advisory 2019-10
Security vulnerabilities fixed in Firefox 60.6.1
- Announced
- March 22, 2019
- Impact
- critical
- Products
- Firefox ESR
- Fixed in
-
- Firefox ESR 60.6.1
#CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information
- Reporter
- Richard Zhu and Amat Cama via Trend Micro's Zero Day Initiative
- Impact
- critical
Description
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.
References
#CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations
- Reporter
- Niklas Baumstark via Trend Micro's Zero Day Initiative
- Impact
- critical
Description
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.