CVE-2019-9792

CRITICAL

Thunderbird <60.6, Firefox ESR <60.6, Firefox <66 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-9792. PoCs published by Google Security Research.

AI-analyzed exploit summary The document describes a vulnerability in SpiderMonkey's IonMonkey JIT engine where branch pruning and Phi elimination can lead to the leakage of an internal JS_OPTIMIZED_OUT magic value, potentially causing memory corruption. It includes a proof-of-concept JavaScript function that triggers the issue.

Description

The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/46939

View Code ZIP pw:eip

The document describes a vulnerability in SpiderMonkey's IonMonkey JIT engine where branch pruning and Phi elimination can lead to the leakage of an internal JS_OPTIMIZED_OUT magic value, potentially causing memory corruption. It includes a proof-of-concept JavaScript function that triggers the issue.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Complex

Reliability

Theoretical

Target: Mozilla SpiderMonkey (Firefox JavaScript engine)

No auth needed

Prerequisites: A system with a vulnerable version of SpiderMonkey/Firefox

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7

Core References

Vendor Advisory x_refsource_misc

https://www.mozilla.org/security/advisories/mfsa2019-07/

Vendor Advisory x_refsource_misc

https://www.mozilla.org/security/advisories/mfsa2019-08/

Vendor Advisory x_refsource_misc

https://www.mozilla.org/security/advisories/mfsa2019-11/

Exploit, Issue Tracking, Vendor Advisory x_refsource_misc

https://bugzilla.mozilla.org/show_bug.cgi?id=1532599

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2019:0966

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2019:1144

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/153106/Spidermonkey-IonMonkey-JS_OPTIMIZED_OUT-Value-Leak.html

Scores

CVSS v3 9.8

EPSS 0.1320

EPSS Percentile 95.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (10)

mozilla/firefox < 60.6.0

mozilla/thunderbird < 60.6.0

redhat/enterprise_linux 8.0

redhat/enterprise_linux_eus 8.1

redhat/enterprise_linux_eus 8.2

redhat/enterprise_linux_eus 8.4

redhat/enterprise_linux_server_aus 8.2

redhat/enterprise_linux_server_aus 8.4

redhat/enterprise_linux_server_tus 8.2

redhat/enterprise_linux_server_tus 8.4

Published Apr 26, 2019

Tracked Since Feb 18, 2026