Vulnerability in Mozilla Firefox
CVE-2019-9810
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
EPSS: 0.802 (99.1th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox — versions unspecified
- Mozilla Firefox Esr — versions unspecified
- Mozilla Thunderbird — versions unspecified
Public proof-of-concept exploits
References
- www.mozilla.org/security/advisories/mfsa2019-09/ (x_refsource_MISC)
- www.mozilla.org/security/advisories/mfsa2019-10/ (x_refsource_MISC)
- www.mozilla.org/security/advisories/mfsa2019-12/ (x_refsource_MISC)
- bugzilla.mozilla.org/show_bug.cgi (x_refsource_MISC)
- RHSA-2019:0966 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2019:1144 (vendor-advisory, x_refsource_REDHAT)
- packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Explo… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-9810?
- CVE-2019-9810 is a vulnerability in Mozilla Firefox. Published 2019-04-26.
- Is CVE-2019-9810 known to be exploited?
- 37 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.