Security vulnerabilities fixed in Firefox 66.0.1

2019-03-22T00:00:00
ID MFSA2019-09
Type mozilla
Reporter Mozilla Foundation
Modified 2019-03-22T00:00:00

Description

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.