CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- September 30, 2019
- Published Date
- March 02, 2020
- Last Updated
- February 07, 2025
- Vendor
- Mozilla
- Product
- Firefox ESR, Thunderbird, Firefox
- Description
- Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
CVSS Scores
SSVC Information
- Exploitation
- active
- Technical Impact
- total
References
https://www.mozilla.org/security/advisories/mfsa2020-04/
https://www.mozilla.org/security/advisories/mfsa2020-03/
https://bugzilla.mozilla.org/show_bug.cgi?id=1607443
https://security.gentoo.org/glsa/202003-02
https://usn.ubuntu.com/4335-1/
http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2021-11-03 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
lsw29475/CVE-2019-17026
Type: github • Created: 2021-02-24 13:18:54 UTC • Stars: 3
maxpl0it/CVE-2019-17026-Exploit
Type: github • Created: 2020-08-27 19:32:07 UTC • Stars: 48
An exploit for CVE-2019-17026. It pops xcalc and was tested on Ubuntu (x64).