CVE-2019-9810

HIGH EXPLOITED IN THE WILD

Firefox < 66.0.1 - Buffer Overflow

Title source: llm

Description

Incorrect alias information in the IonMonkey JIT compiler for the Array.prototype.slice method may lead to a missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.

Exploits (5)

exploitdb WORKING POC
by Axel Souchet · javascript · local · windows_x86-64
https://www.exploit-db.com/exploits/47752
exploitdb WORKING POC
by xuechiyaobai · html · dos · multiple
https://www.exploit-db.com/exploits/46605
nomisec WORKING POC 229 stars
by 0vercl0k · client-side
https://github.com/0vercl0k/CVE-2019-9810
nomisec WRITEUP 68 stars
by xuechiyaobai · poc
https://github.com/xuechiyaobai/CVE-2019-9810-PoC
vulncheck_xdb WORKING POC
client-side
https://github.com/0vercl0k/CVE-2019-11708

Scores

CVSS v3 8.8
EPSS 0.7161
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-11-08
InTheWild.io 2022-11-09
CWE CWE-119
Status published
Products (10)
mozilla/firefox < 60.6.1
mozilla/thunderbird < 60.6.1
redhat/enterprise_linux 8.0
redhat/enterprise_linux_eus 8.1
redhat/enterprise_linux_eus 8.2
redhat/enterprise_linux_eus 8.4
redhat/enterprise_linux_server_aus 8.2
redhat/enterprise_linux_server_aus 8.4
redhat/enterprise_linux_server_tus 8.2
redhat/enterprise_linux_server_tus 8.4
Published Apr 26, 2019
Tracked Since Feb 18, 2026