Mozilla Foundation Security Advisory 2019-09
Security vulnerabilities fixed in Firefox 66.0.1
- March 22, 2019
- Fixed in
- Firefox 66.0.1
#CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information
- Richard Zhu and Amat Cama via Trend Micro's Zero Day Initiative
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.
#CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations
- Niklas Baumstark via Trend Micro's Zero Day Initiative
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.