Rewterz Threat Advisory – F5 Multiple Products Linux Kernel Denial of Service Vulnerability
March 25, 2019Rewterz Threat Advisory – F5 Multiple Products Bind Security Bypass Vulnerability
March 26, 2019Rewterz Threat Advisory – F5 Multiple Products Linux Kernel Denial of Service Vulnerability
March 25, 2019Rewterz Threat Advisory – F5 Multiple Products Bind Security Bypass Vulnerability
March 26, 2019Severity
Medium
Analysis Summary
CVE-2019-9810
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.
CVE-2019-9813
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.
Impact
- Execution of arbitrary code.
- System access
Affected Products
Mozilla Firefox 60.x
Mozilla Firefox 66.x
Remediation
Update to version 66.0.1 , 60.6.1.