Security vulnerabilities fixed in Firefox 66.0.1
- March 22, 2019
- Fixed in
- Firefox 66.0.1
- Richard Zhu and Amat Cama via Trend Micro's Zero Day Initiative
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.
- Niklas Baumstark via Trend Micro's Zero Day Initiative
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.