Opened 5 years ago
Closed 5 years ago
#13002 closed enhancement (fixed)
firefox-68.4.1 (0day: CVE-2019-17026)
| Reported by: | Douglas R. Reno | Owned by: | |
|---|---|---|---|
| Priority: | highest | Milestone: | 9.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | critical | Keywords: | |
| Cc: | | | |
Description
New point version of Firefox ESR.
This is marked as critical as there is a 0-day vulnerability currently being exploited in the wild. Here are the details:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
Mozilla Foundation Security Advisory 2020-03
Security Vulnerabilities fixed in Firefox 72.0.1 and Firefox ESR 68.4.1
Announced: January 8, 2020
Impact: critical
Products: Firefox, Firefox ESR
Fixed in: Firefox 72.0.1, Firefox ESR 68.4.1

CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
Reporter: Qihoo 360 ATA
Impact: critical
Description: Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw.
References: Bug 1607443
The United States Department of Homeland Security has also issued an advisory through their CISA (Cybersecurity and Infrastructure Security Agency) today.
https://www.us-cert.gov/ncas/current-activity/2020/01/08/mozilla-patches-critical-vulnerability
Mozilla Patches Critical Vulnerability
Original release date: January 08, 2020

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.
We should probably get this in ASAP.
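A quick way to tell whether an installed build is already past the "Fixed in" line of the advisory quoted above, added here as an example; it is not code from this ticket, from BLFS or from Mozilla. It assumes the version string has the shape `firefox --version` prints (`Mozilla Firefox 68.4.0esr`) and applies the two thresholds from MFSA 2020-03: ESR builds need 68.4.1 or later, release builds need 72.0.1 or later. Older ESR lines (60.x, 52.x, which the Debian tracker lists as affected) never received the fix, so they are reported as not fixed. All version strings in the test are constructed samples, not real installs.

```python
"""Decide whether a Firefox version string is at or past the fix for
CVE-2019-17026 (MFSA 2020-03): Firefox 72.0.1 / Firefox ESR 68.4.1.

Added example for the BLFS ticket; not BLFS or Mozilla code. Assumes
the input looks like the output of `firefox --version`.
"""
import re
from typing import Optional, Tuple

# Fixed versions as stated in MFSA 2020-03 (quoted in the ticket).
FIXED_RELEASE = (72, 0, 1)
FIXED_ESR = (68, 4, 1)

# "Mozilla Firefox 68.4.0esr", "72.0.1", "72.0b1" -> major, minor, patch, suffix
_VERSION_RE = re.compile(
    r"(?:Mozilla Firefox\s+)?(\d+)\.(\d+)(?:\.(\d+))?([a-z]+\d*)?", re.I
)


def parse_version(text: str) -> Optional[Tuple[Tuple[int, int, int], bool]]:
    """Return ((major, minor, patch), is_esr) or None if nothing parses.

    A missing patch component is treated as 0, so '78.0esr' -> (78, 0, 0).
    """
    m = _VERSION_RE.search(text.strip())
    if not m:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)
    suffix = (m.group(4) or "").lower()
    return (major, minor, patch), suffix == "esr"


def is_fixed(text: str) -> bool:
    """True if the build is at or past the fixed version for its channel.

    Unparseable input is treated as NOT fixed (fail closed). Beta/nightly
    suffixes such as '72.0b1' fall on the release branch and compare below
    72.0.1, which is the conservative answer.
    """
    parsed = parse_version(text)
    if parsed is None:
        return False
    version, esr = parsed
    if esr:
        # ESR 68.x needs 68.4.1+. Older ESR lines (60.x, 52.x) were out of
        # support at announcement and got no fix, so they compare as unfixed.
        return version >= FIXED_ESR
    return version >= FIXED_RELEASE


if __name__ == "__main__":
    # Practical use: ask the installed binary and report.
    import subprocess
    import sys

    try:
        out = subprocess.run(
            ["firefox", "--version"], capture_output=True, text=True, check=False
        ).stdout
    except FileNotFoundError:
        sys.exit("firefox not found in PATH")
    verdict = "fixed" if is_fixed(out) else "VULNERABLE: update to 68.4.1esr or 72.0.1"
    print(f"{out.strip()} -> {verdict}")
```

The check only trusts the version label, so it is right for a build made from the 68.4.1 tarball and wrong for an older tree with the fix backported by hand; for that case compare against the source you actually built, not the reported version.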
Change History (3)
comment:1 by , 5 years ago
comment:2 by , 5 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:3 by , 5 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Looking at https://security-tracker.debian.org/tracker/CVE-2019-17026 this applies to all firefox versions back to at least 52.8.1esr, which is pretty old. If I'm reading the reports correctly, it is in the JIT compiler for SpiderMonkey - I hope that, and thunderbird, are not also affected.
Now a Firefox announcement as of 8:17 AM CST:
https://groups.google.com/forum/#!topic/mozilla.announce/Gklx8RPCu8E