Type Confusion Vulnerability in IonMonkey JIT Compiler for Array Element Setting

Type Confusion Vulnerability in IonMonkey JIT Compiler for Array Element Setting

CVE-2019-17026 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.

Learn more about our Web Application Penetration Testing UK.