Severity
Medium
Analysis Summary
CVE-2019-9810
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.
CVE-2019-9813
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.
Impact
Affected Products
Mozilla Firefox 60.x
Mozilla Firefox 66.x
Remediation
Update to version 66.0.1 , 60.6.1.