CVE-2019-9813

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
An incorrect handling of __proto__ mutations may lead to type confusion in the IonMonkey JIT code of Firefox before 66.0.1 and Thunderbird before 60.6.1, and can be leveraged for arbitrary memory read and write.
Group Package Affected Fixed Severity Status Ticket
AVG-947 thunderbird 60.5.3-1 60.6.1-1 Critical Fixed
AVG-930 firefox 66.0-1 66.0.1-1 Critical Fixed
Date Advisory Group Package Severity Description
06 Apr 2019 ASA-201904-4 AVG-947 thunderbird Critical arbitrary code execution
23 Mar 2019 ASA-201903-14 AVG-930 firefox Critical arbitrary code execution
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813
https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9813
https://bugzilla.mozilla.org/show_bug.cgi?id=1538006