cvelistv5 - cve-2019-17026

CVE-2019-17026 (GCVE-0-2019-17026)

Vulnerability from cvelistv5

Published

2020-03-02 04:05

Modified

2025-10-21 23:35

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

IonMonkey type confusion with StoreElementHole and FallibleStoreElement

Summary

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.

References

URL

Tags

	https://www.mozilla.org/security/advisories/mfsa2020-04/	x_refsource_MISC
	https://www.mozilla.org/security/advisories/mfsa2020-03/	x_refsource_MISC
	https://bugzilla.mozilla.org/show_bug.cgi?id=1607443	x_refsource_MISC
	https://security.gentoo.org/glsa/202003-02	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/4335-1/	vendor-advisory, x_refsource_UBUNTU
	http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html	x_refsource_MISC

Impacted products

Vendor

Product

Version

Mozilla

Firefox ESR

Version: unspecified < 68.4.1

	Mozilla	Thunderbird	Version: unspecified < 68.4.1
	Mozilla	Firefox	Version: unspecified < 72.0.1

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2022-05-03

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-17026

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:48.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-04/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-03/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1607443"
          },
          {
            "name": "GLSA-202003-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-02"
          },
          {
            "name": "USN-4335-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4335-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-17026",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T12:48:51.769583Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-17026"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-843",
                "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:35:50.362Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-17026"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00.000Z",
            "value": "CVE-2019-17026 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "68.4.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "68.4.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "72.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR \u003c 68.4.1, Thunderbird \u003c 68.4.1, and Firefox \u003c 72.0.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "IonMonkey type confusion with StoreElementHole and FallibleStoreElement",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-13T17:06:23.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-04/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-03/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1607443"
        },
        {
          "name": "GLSA-202003-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-02"
        },
        {
          "name": "USN-4335-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4335-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2019-17026",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "68.4.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "68.4.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "72.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR \u003c 68.4.1, Thunderbird \u003c 68.4.1, and Firefox \u003c 72.0.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IonMonkey type confusion with StoreElementHole and FallibleStoreElement"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-04/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-04/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2020-03/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2020-03/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1607443",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1607443"
            },
            {
              "name": "GLSA-202003-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-02"
            },
            {
              "name": "USN-4335-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4335-1/"
            },
            {
              "name": "http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2019-17026",
    "datePublished": "2020-03-02T04:05:03.000Z",
    "dateReserved": "2019-09-30T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:35:50.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2019-17026",
      "cwes": "[\"CWE-843\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2019-17026",
      "product": "Firefox and Thunderbird",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements.",
      "vendorProject": "Mozilla",
      "vulnerabilityName": "Mozilla Firefox And Thunderbird Type Confusion Vulnerability"
    }
  }
}

CERTFR-2020-ALE-003

Vulnerability from certfr_alerte

Le 08 janvier 2020, Mozilla a publié un avis de sécurité (cf. section Documentation) annonçant que la vulnérabilité CVE-2019-17026 est activement exploitée dans le cadre d'attaques ciblées.

Cette vulnérabilité permet une exécution de code arbitraire à distance.

Le correctif étant disponible, le CERT-FR recommande l'application de la mise à jour dans les plus brefs délais.

[Mise à jour du 13 janvier 2020]

Le 10 janvier 2020, Mozilla a publié un avis de sécurité Thunderbird indiquant que son client de messagerie électronique était également affecté par la vulnérabilité CVE-2019-17026 (cf. section Documentation). Le correctif est disponible et doit être appliqué dès que possible.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Firefox	Firefox versions antérieures à 72.0.1
Mozilla	Thunderbird	Thunderbird versions antérieures à 68.4.1
Mozilla	Firefox	Firefox versions antérieures à ESR 68.4.1

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2020-03 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2020-04 du 10 janvier 2020	None	vendor-advisory
Avis CERT-FR CERTFR-2020-AVI-019 du 13 janvier 2020 https://www.cert.ssi.gouv.fr/avis/CERTFR-2020-AVI-019/	-	other
Avis CERT-FR CERTFR-2020-AVI-016 du 09 janvier 2020	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 72.0.1",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 68.4.1",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 ESR 68.4.1",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2020-01-20",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-17026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17026"
    }
  ],
  "initial_release_date": "2020-01-09T00:00:00",
  "last_revision_date": "2020-01-20T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2020-AVI-019 du 13 janvier 2020 https://www.cert.ssi.gouv.fr/avis/CERTFR-2020-AVI-019/",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2020-AVI-016/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2020-AVI-016 du 09 janvier 2020",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2020-AVI-016/"
    }
  ],
  "reference": "CERTFR-2020-ALE-003",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-09T00:00:00.000000"
    },
    {
      "description": "Ajout du bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-04 du 10 janvier 2020",
      "revision_date": "2020-01-13T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte.",
      "revision_date": "2020-01-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u00a0\n\nLe 08 janvier 2020, Mozilla a publi\u00e9 un avis de s\u00e9curit\u00e9 (cf. section\nDocumentation) annon\u00e7ant que la vuln\u00e9rabilit\u00e9 CVE-2019-17026 est\nactivement exploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es.\n\nCette vuln\u00e9rabilit\u00e9 permet une ex\u00e9cution de code arbitraire \u00e0 distance.\n\nLe correctif \u00e9tant disponible, le CERT-FR recommande l\u0027application de la\nmise \u00e0 jour dans les plus brefs d\u00e9lais.\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 13 janvier 2020\\]\u003c/strong\u003e\n\nLe 10 janvier 2020, Mozilla a publi\u00e9 un avis de s\u00e9curit\u00e9 Thunderbird\nindiquant que son client de messagerie \u00e9lectronique \u00e9tait \u00e9galement\naffect\u00e9 par la vuln\u00e9rabilit\u00e9\u00a0CVE-2019-17026 (cf. section Documentation).\nLe correctif est disponible et doit \u00eatre appliqu\u00e9 d\u00e8s que possible.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-03 du 08 janvier 2020",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-04 du 10 janvier 2020",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/"
    }
  ]
}

CERTFR-2020-AVI-019

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Thunderbird versions antérieures à 68.4.1

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2020-04 du 10 janvier 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 68.4.1",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-17016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17016"
    },
    {
      "name": "CVE-2019-17017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17017"
    },
    {
      "name": "CVE-2019-17022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17022"
    },
    {
      "name": "CVE-2019-17026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17026"
    },
    {
      "name": "CVE-2019-17015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17015"
    },
    {
      "name": "CVE-2019-17021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17021"
    },
    {
      "name": "CVE-2019-17024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17024"
    }
  ],
  "initial_release_date": "2020-01-13T00:00:00",
  "last_revision_date": "2020-01-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-019",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-04 du 10 janvier 2020",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/"
    }
  ]
}

CERTFR-2020-AVI-016

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Mozilla Firefox. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox versions antérieures à 72.0.1
	Mozilla	Firefox	Firefox versions antérieures à ESR 68.4.1

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2020-03 du 08 janvier 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 72.0.1",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 ESR 68.4.1",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-17026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17026"
    }
  ],
  "initial_release_date": "2020-01-09T00:00:00",
  "last_revision_date": "2020-01-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-016",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Mozilla Firefox. Elle permet \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-03 du 08 janvier 2020",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-17026 (GCVE-0-2019-17026)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTFR-2020-ALE-003

Vulnerability from certfr_alerte

Solution

CERTFR-2020-AVI-019

Vulnerability from certfr_avis

Solution

CERTFR-2020-AVI-016

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature