9.8

CVE-2019-9792

Exploit
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 60.6.0
MozillaFirefox Version < 66.0
MozillaThunderbird Version < 60.6.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Eus Version8.1
RedhatEnterprise Linux Eus Version8.2
RedhatEnterprise Linux Eus Version8.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.2% 0.959
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/errata/RHSA-2019:1144
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0966
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2019-07/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-08/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-11/
Vendor Advisory
http://packetstormsecurity.com/files/153106/Spidermonkey-IonMonkey-JS_OPTIMIZED_OUT-Value-Leak.html
Third Party Advisory
Exploit
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1532599
Vendor Advisory
Exploit
Issue Tracking