Mozilla Foundation Security Advisory 2020-03

Security Vulnerabilities fixed in Firefox 72.0.1 and Firefox ESR 68.4.1

Announced
January 8, 2020
Impact
critical
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 72.0.1
  • Firefox ESR 68.4.1

#CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement

Reporter
Qihoo 360 ATA
Impact
critical
Description

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw.

References