Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
Recent assessments:
gwillcox-r7 at November 22, 2020 2:13am UTC reported:
Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at <https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786>. Original Tweet announcing this spreadsheet with the 2020 findings can be found at <https://twitter.com/maddiestone/status/1329837665378725888>
Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0
packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html
bugzilla.mozilla.org/show_bug.cgi?id=1607443
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17026
security.gentoo.org/glsa/202003-02
usn.ubuntu.com/4335-1
usn.ubuntu.com/4335-1/
www.mozilla.org/security/advisories/mfsa2020-03
www.mozilla.org/security/advisories/mfsa2020-03/
www.mozilla.org/security/advisories/mfsa2020-04
www.mozilla.org/security/advisories/mfsa2020-04/