Opened 4 years ago

Closed 4 years ago

#13002 closed enhancement (fixed)

firefox-68.4.1 (0day: CVE-2019-17026)

Reported by: Douglas R. Reno Owned by: ken@…
Priority: highest Milestone: 9.1
Component: BOOK Version: SVN
Severity: critical Keywords:


New point version of Firefox ESR.

This is marked as critical as there is a 0-day vulnerability currently being exploited in the wild. Here are the details:

Mozilla Foundation Security Advisory 2020-03
Security Vulnerabilities fixed in Firefox 72.0.1 and Firefox ESR 68.4.1

    January 8, 2020
    Firefox, Firefox ESR
Fixed in

        Firefox 72.0.1
        Firefox ESR 68.4.1

#CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement

    Qihoo 360 ATA


Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw.

    Bug 1607443

The United States Department of Homeland Security has also issued an advisory through their CISA (Cybersecurity and Infrastructure Security Agency) today.

Mozilla Patches Critical Vulnerability
Original release date: January 08, 2020

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.

We should probably get this in ASAP.

Change History (3)

comment:1 by Douglas R. Reno, 4 years ago

Now a Firefox announcement as of 8:17 AM CST:!topic/mozilla.announce/Gklx8RPCu8E

comment:2 by ken@…, 4 years ago

Owner: changed from blfs-book to ken@…
Status: newassigned

comment:3 by ken@…, 4 years ago

Resolution: fixed
Status: assignedclosed

Looking at this applies to all firefox versions back to at least 52.8.1esr which is pretty old. If I'm reading the reports correctly, it is in the JIT compiler for SpiderMonkey - I hope that, and thunderbird, are not also affected.


Note: See TracTickets for help on using tickets.