CVE-2019-9791

critical-risk

Published 2019-04-26

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

Do I need to act?

38.1% chance of exploitation in next 30 days

EPSS score — higher than 62% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

46613

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (10)

Firefox

Thunderbird

Enterprise Linux

Enterprise Linux Eus

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Affected Vendors

Redhat Mozilla

References (12)

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0966

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1144

Exploit https://bugzilla.mozilla.org/show_bug.cgi?id=1530958

Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2019-07/

Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2019-08/

Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2019-11/

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0966

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1144

Exploit https://bugzilla.mozilla.org/show_bug.cgi?id=1530958

Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2019-07/

Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2019-08/

Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2019-11/

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 23/34 · High

Exposure 16/34 · Moderate