CVE-2019-9791

Advisory lineage Upstream: 0 Downstream: 25
Modified
Published: 26 Apr 2019, 16:13
Last modified: 04 Aug 2024, 22:01

Vulnerability Summary

Overall Risk (default): high, 70/100
CVSS Score: 9.8 CRITICAL, v3.1 (nvd)
EPSS Score: 38.07% HIGH (38% probability -1.23%)
KEV: Not listed
Ransomware: No reports
Public exploits: 2 found
Dark Web: Not detected

Timeline

26 Apr 2019, 16:13: Published (Vulnerability first disclosed)
04 Aug 2024, 22:01: Last Modified (Vulnerability information updated)

Description

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

CVSS Metrics

  • v3.1 CRITICAL Score: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • v2.0 HIGH Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 38.07% Percentile: 97%

Techniques & Countermeasures

  • CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

    The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Affected Systems

  • Unknown Firefox

    < 60.6.0 | < 66.0 | ≥ unspecified, < 66

  • mozilla firefox_esr

    ≥ unspecified, < 60.6

  • mozilla thunderbird

    < 60.6.0 | ≥ unspecified, < 60.6

  • redhat enterprise_linux

    8.0

  • redhat enterprise_linux_eus

    8.1 | 8.2 | 8.4

  • redhat enterprise_linux_server_aus

    8.2 | 8.4

  • redhat enterprise_linux_server_tus

    8.2 | 8.4
