CVE-2019-17026

HIGH KEV

Mozilla Firefox < 68.4.1 - Type Confusion

Title source: rule

Description

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.

Exploits (3)

nomisec WRITEUP 47 stars

by maxpl0it · client-side

https://github.com/maxpl0it/CVE-2019-17026-Exploit

View Code ZIP pw:eip

nomisec WORKING POC 3 stars

by lsw29475 · client-side

https://github.com/lsw29475/CVE-2019-17026

View Code ZIP pw:eip

exploitdb WORKING POC

by Forrest Orr · javascriptlocalwindows_x86-64

https://www.exploit-db.com/exploits/49864

View Code ZIP pw:eip

References (7)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html

[Issue Tracking] https://bugzilla.mozilla.org/show_bug.cgi?id=1607443

[Third Party Advisory] https://security.gentoo.org/glsa/202003-02

[Third Party Advisory] https://usn.ubuntu.com/4335-1/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2020-03/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2020-04/

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-17026

Scores

CVSS v3 8.8

EPSS 0.6481

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2021-11-03

VulnCheck KEV 2020-01-07

InTheWild.io 2020-01-07

ENISA EUVD EUVD-2019-7500

Classification

CWE

CWE-843

Status published

Affected Products (4)

mozilla/firefox < 68.4.1

mozilla/firefox < 72.0.1

mozilla/thunderbird < 68.4.1

canonical/ubuntu_linux

Timeline

Published Mar 02, 2020

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026