CVE-2019-9791

CRITICAL

Thunderbird <60.6-Firefox <66 - Memory Corruption

Title source: llm

Description

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

Exploits (2)

nomisec WORKING POC 2 stars

by Sp0pielar · poc

https://github.com/Sp0pielar/CVE-2019-9791

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Google Security Research · javascriptdosmultiple

https://www.exploit-db.com/exploits/46613

View Code ZIP pw:eip

References (6)

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:0966

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:1144

[Exploit, Issue Tracking, Vendor Advisory] https://bugzilla.mozilla.org/show_bug.cgi?id=1530958

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2019-07/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2019-08/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2019-11/

Scores

CVSS v3 9.8

EPSS 0.3888

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-843

Status published

Affected Products (10)

mozilla/firefox < 60.6.0

mozilla/thunderbird < 60.6.0

redhat/enterprise_linux

redhat/enterprise_linux_eus

redhat/enterprise_linux_eus

redhat/enterprise_linux_eus

redhat/enterprise_linux_server_aus

redhat/enterprise_linux_server_aus

redhat/enterprise_linux_server_tus

redhat/enterprise_linux_server_tus

Timeline

Published Apr 26, 2019

Tracked Since Feb 18, 2026