CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9795 – Mozilla: Type-confusion in IonMonkey JIT compiler
https://notcve.org/view.php?id=CVE-2019-9795
A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Una vulnerabilidad de confusión de tipo en compilador IonMonkey just-in-time (JIT) podría ser utilizado por JavaScript malicioso para desencadenar un fallo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 60.6, Firefox ESR versiones anteriores a 60.6 y Firefox versiones anteriores a 66. • https://access.redhat.com/errata/RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:1144 https://bugzilla.mozilla.org/show_bug.cgi?id=1514682 https://www.mozilla.org/security/advisories/mfsa2019-07 https://www.mozilla.org/security/advisories/mfsa2019-08 https://www.mozilla.org/security/advisories/mfsa2019-11 https://access.redhat.com/security/cve/CVE-2019-9795 https://bugzilla.redhat.com/show_bug.cgi?id=1690680 • CWE-617: Reachable Assertion CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9790 – Mozilla: Use-after-free when removing in-use DOM elements
https://notcve.org/view.php?id=CVE-2019-9790
A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Podría ocurrir una vulnerabilidad de uso después de liberación de memoria cuando es obtenido un puntero raw al elemento DOM en una página empleando JavaScript y el elemento es eliminado mientras sigue en uso. Esto resulta en un cierre inesperado potencialmente explotable. • https://access.redhat.com/errata/RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:1144 https://bugzilla.mozilla.org/show_bug.cgi?id=1525145 https://www.mozilla.org/security/advisories/mfsa2019-07 https://www.mozilla.org/security/advisories/mfsa2019-08 https://www.mozilla.org/security/advisories/mfsa2019-11 https://access.redhat.com/security/cve/CVE-2019-9790 https://bugzilla.redhat.com/show_bug.cgi?id=1690675 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 22%CPEs: 11EXPL: 3CVE-2019-9791 – Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
https://notcve.org/view.php?id=CVE-2019-9791
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. El sistema de inferencia de tipos permite la recopilación de funciones que pueden generar confusiones de tipo entre objetos arbitrarios cuando se compilan por medio del compilador IonMonkey just-in-time (JIT) y cuando se ingresa a la función constructor mediante el reemplazo en la pila (OSR). Esto permite una posible lectura y escritura arbitrarias de objetos durante un bloqueo explotable. • https://www.exploit-db.com/exploits/46613 https://github.com/Sp0pielar/CVE-2019-9791 https://access.redhat.com/errata/RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:1144 https://bugzilla.mozilla.org/show_bug.cgi?id=1530958 https://www.mozilla.org/security/advisories/mfsa2019-07 https://www.mozilla.org/security/advisories/mfsa2019-08 https://www.mozilla.org/security/advisories/mfsa2019-11 https://access.redhat.com/security/cve/CVE-2019-9791 https://bugzilla.redhat. • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 17%CPEs: 11EXPL: 3CVE-2019-9792 – Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script
https://notcve.org/view.php?id=CVE-2019-9792
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. El compilador IonMonkey just-in-time (JIT) puede filtrar un valor mágico interno JS_OPTIMIZED_OUT para la ejecución script durante un rescate. JavaScript puede utilizar este valor mágico para lograr daños en la memoria, lo que lleva a un fallo potencialmente explotable. • https://www.exploit-db.com/exploits/46939 http://packetstormsecurity.com/files/153106/Spidermonkey-IonMonkey-JS_OPTIMIZED_OUT-Value-Leak.html https://access.redhat.com/errata/RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:1144 https://bugzilla.mozilla.org/show_bug.cgi?id=1532599 https://www.mozilla.org/security/advisories/mfsa2019-07 https://www.mozilla.org/security/advisories/mfsa2019-08 https://www.mozilla.org/security/advisories/mfsa2019-11 https://access.redhat.com/security/ • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2019-9788 – Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
https://notcve.org/view.php?id=CVE-2019-9788
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Desarrolladores de Mozilla y miembros de la comunidad reportaron bugs en seguridad de memoria presentes en Firefox 65, Firefox ESR 60.5, y Thunderbird 60.5. Algunos de los bugs mostraron evidencias de corrupción de memoria y asumimos que con el suficiente esfuerzo esto podría ser explotado para ejecutar código arbitrario. • https://access.redhat.com/errata/RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:1144 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203 https://www.mozilla.org/security/advisories/mfsa2019-07 https://www.mozilla.org/security/advisories/mfsa2019-08 https://www.mozilla.org/security/advisories/mfsa2019-11 https://access.redhat.com/security/cve/CVE-2019-9788 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •