Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.

CPENameOperatorVersion
ubuntu_linuxeq16.04
firefoxlt72.0.1
firefox_esrlt68.4.1
thunderbirdlt68.4.1

Name	Operator	Version
ubuntu_linux	eq	16.04
firefox	lt	72.0.1
firefox_esr	lt	68.4.1
thunderbird	lt	68.4.1

References

packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html

bugzilla.mozilla.org/show_bug.cgi?id=1607443

security.gentoo.org/glsa/202003-02

usn.ubuntu.com/4335-1/

www.mozilla.org/security/advisories/mfsa2020-03/

www.mozilla.org/security/advisories/mfsa2020-04/

cisa 1

symantec 1

veracode 1

debiancve 1

mozilla 2

archlinux 2

cisa_kev 1

nessus 57

debian 5

openvas 30

checkpoint_advisories 1

osv 4

avleonov 1

redhatcve 1

attackerkb 1

kaspersky 3

thn 1

ubuntucve 1

cve 1

alpinelinux 1

packetstorm 2

zdt 2

exploitdb 2

githubexploit 1

talosblog 1

oraclelinux 6

redhat 8

mageia 2

centos 4

amazon 1

threatpost 1

slackware 1

altlinux 1

suse 2

photon 1

ubuntu 3

securelist 1

gentoo 1

qualysblog 1

cisa

Mozilla Patches Critical Vulnerability

2020-01-08 00:00:00

symantec

Mozilla Firefox and Firefox ESR CVE-2019-17026 Type Confusion Remote Code Execution Vulnerability

2020-01-08 00:00:00

veracode

Arbitrary Code Execution

2020-01-18 01:01:54

debiancve

CVE-2019-17026

2020-03-02 05:15:00

mozilla

Security Vulnerabilities fixed in Firefox 72.0.1 and Firefox ESR 68.4.1 — Mozilla

2020-01-08 00:00:00

Security Vulnerabilities fixed in Thunderbird 68.4.1 — Mozilla

2020-01-10 00:00:00

archlinux

[ASA-202001-3] firefox: arbitrary code execution

2020-01-10 00:00:00

[ASA-202001-4] thunderbird: multiple issues

2020-01-14 00:00:00

cisa_kev

Mozilla Firefox And Thunderbird Type Confusion Vulnerability

2021-11-03 00:00:00

nessus

Mozilla Firefox < 72.0.1

2020-01-08 00:00:00

Mozilla Firefox ESR < 68.4.1

2020-01-08 00:00:00

Debian DLA-2093-1 : firefox-esr security update

2020-02-03 00:00:00

debian

[SECURITY] [DLA 2093-1] firefox-esr security update

2020-02-01 04:15:49

[SECURITY] [DSA 4603-1] thunderbird security update

2020-01-17 21:40:41

[SECURITY] [DLA 2061-1] firefox-esr security update

2020-01-09 10:22:20

openvas

Mozilla Firefox Security Advisory (MFSA2020-03) - Linux

2021-11-08 00:00:00

Debian: Security Advisory (DLA-2093-1)

2020-02-02 00:00:00

Mozilla Firefox ESR Security Advisories (MFSA2020-03, MFSA2020-03) - Windows

2020-01-09 00:00:00

checkpoint_advisories

Mozilla Firefox IonMonkey JIT Compiler Type Confusion (CVE-2019-17026)

2022-02-21 00:00:00

osv

firefox-esr - security update

2020-02-01 00:00:00

firefox-esr - security update

2020-01-09 00:00:00

thunderbird - security update

2020-01-17 00:00:00

avleonov

0day RCE in Firefox

2020-01-12 02:06:26

redhatcve

CVE-2019-17026

2020-01-09 05:09:01

attackerkb

CVE-2019-17026

2020-03-02 00:00:00

kaspersky

KLA11631 Type confusion vulnerability in Mozilla Firefox ESR

2020-01-08 00:00:00

KLA11630 Type confusion vulnerability in Mozilla Firefox

2020-01-08 00:00:00

KLA11635 Multiple vulnerabilities in Mozilla Thunderbird

2020-01-10 00:00:00

thn

Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now!

2020-01-09 10:34:00

ubuntucve

CVE-2019-17026

2020-01-09 00:00:00

cve

CVE-2019-17026

2020-03-02 05:15:00

alpinelinux

CVE-2019-17026

2020-03-02 05:15:00

packetstorm

Firefox 72 IonMonkey JIT Type Confusion

2021-05-13 00:00:00

Mozilla Firefox 67 Array.pop JIT Type Confusion

2022-02-02 00:00:00

zdt

Mozilla Firefox 72 IonMonkey - JIT Type Confusion Exploit

2021-05-13 00:00:00

Mozilla Firefox 67 - Array.pop JIT Type Confusion Exploit

2022-02-02 00:00:00

exploitdb

Firefox 72 IonMonkey - JIT Type Confusion

2021-05-13 00:00:00

Mozilla Firefox 67 - Array.pop JIT Type Confusion

2022-02-02 00:00:00

githubexploit

Exploit for Type Confusion in Mozilla Firefox

2020-08-27 19:32:07

talosblog

Threat Source newsletter (Jan. 9, 2019)

2020-01-10 07:13:41

oraclelinux

thunderbird security update

2020-07-07 00:00:00

thunderbird security update

2020-01-16 00:00:00

thunderbird security update

2020-01-18 00:00:00

redhat

(RHSA-2020:0120) Important: thunderbird security update

2020-01-16 10:45:20

(RHSA-2020:0085) Critical: firefox security update

2020-01-13 13:06:23

(RHSA-2020:0127) Important: thunderbird security update

2020-01-16 12:26:13

mageia

Updated thunderbird packages fix security vulnerabilities

2020-01-12 02:52:04

Updated firefox packages fix security vulnerability

2020-01-09 23:11:02

centos

thunderbird security update

2020-01-18 14:41:32

thunderbird security update

2020-01-18 14:40:44

firefox security update

2020-01-15 14:45:49

amazon

Important: thunderbird

2020-02-10 23:43:00

threatpost

Mozilla Updates Firefox Browser: Zero-Day Bug Patched, Fingerprinting Nixed

2020-01-08 18:04:42

slackware

[slackware-security] mozilla-thunderbird

2020-01-11 00:19:13

altlinux

Security fix for the ALT Linux 10 package thunderbird version 68.4.1-alt1

2020-01-11 00:00:00

suse

Security update for MozillaFirefox (important)

2020-01-15 00:00:00

Security update for MozillaThunderbird (important)

2020-01-22 00:00:00

photon

Important Photon OS Security Update - PHSA-2023-3.0-0649

2023-09-14 00:00:00

ubuntu

Firefox vulnerabilities

2020-01-09 00:00:00

Thunderbird vulnerabilities

2020-01-16 00:00:00

Thunderbird vulnerabilities

2020-04-21 00:00:00

securelist

IT threat evolution Q1 2020. Statistics

2020-05-20 10:00:43

gentoo

Mozilla Firefox: Multiple vulnerabilities

2020-03-12 00:00:00

qualysblog

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.525 Medium

EPSS

Percentile

97.5%

JSON

Related for PRION:CVE-2019-17026