3 matches found
Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...
EulerOS 2.0 SP2 : firefox (EulerOS-SA-2019-1570)
According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Mozilla: IonMonkey MArraySlice has incorrect alias information CVE-2019-9810 - Mozilla: Ionmonkey type confusion with proto mutations...
Mozilla: IonMonkey MArraySlice has incorrect alias information
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox 66.0.1, Firefox ESR 60.6.1, and Thunderbird 60.6.1...