CVE-2019-17026
Mozilla Firefox And Thunderbird Type Confusion Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
5Exploited in Wild
YesDecision
Descriptions
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
Una información de alias incorrecta en compilador IonMonkey JIT para establecer los elementos de la matriz podría conllevar a una confusión de tipo. Estamos conscientes de los ataques dirigidos "in the wild" abusando de este fallo. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 68.4.1, Thunderbird versiones anteriores a 68.4.1, y Firefox versiones anteriores a 72.0.1.
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting attacks, or execute arbitrary code. It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements.
CVSS Scores
SSVC
- Decision:Act
Timeline
- 2019-09-30 CVE Reserved
- 2020-01-09 CVE Published
- 2020-08-27 First Exploit
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2025-02-07 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CAPEC
References (11)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/162568 | 2021-05-13 | |
| https://www.exploit-db.com/exploits/49864 | 2021-05-13 | |
| https://github.com/maxpl0it/CVE-2019-17026-Exploit | 2020-08-27 | |
| https://github.com/lsw29475/CVE-2019-17026 | 2021-02-24 | |
| http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html | 2025-02-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202003-02 | 2022-11-16 | |
| https://usn.ubuntu.com/4335-1 | 2022-11-16 | |
| https://www.mozilla.org/security/advisories/mfsa2020-03 | 2022-11-16 | |
| https://www.mozilla.org/security/advisories/mfsa2020-04 | 2022-11-16 | |
| https://access.redhat.com/security/cve/CVE-2019-17026 | 2020-01-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1789214 | 2020-01-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 72.0.1 Search vendor "Mozilla" for product "Firefox" and version " < 72.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | < 68.4.1 Search vendor "Mozilla" for product "Firefox Esr" and version " < 68.4.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 68.4.1 Search vendor "Mozilla" for product "Thunderbird" and version " < 68.4.1" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||