Mozilla Firefox And Firefox ESR Type Confusion Vulnerability

Summary:

Mozilla Firefox and Firefox Extended Support Release (ESR) are affected by a type confusion vulnerability that could allow arbitrary code execution. Depending on the privileges of the user, an attacker could install, view, change, or delete data, or create new accounts with full user rights.
This issue was assigned CVE-2019-17026.

Description:

Researchers recently reported to Mozilla a type confusion vulnerability in Mozilla Firefox and Firefox Extended Support Release (ESR) that may allow arbitrary code execution. CVE-2019-17026 is a type confusion vulnerability in IonMonkey, the JavaScript Just-In-Time (JIT) compiler for SpiderMonkey (Mozilla’s JavaScript engine).

According to the advisory published by Mozilla, the vulnerability exists in the JIT compiler due to incorrect alias information for setting array elements, specifically in StoreElementHole and FallibleStoreElement. By convincing a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability through unknown attack vectors to execute arbitrary code on the target system or cause a denial of service (DoS).

“Type confusion” is a very common technique with the ActionScript Virtual Machine. It generally occurs when a piece or block of code doesn’t verify the type of the object passed to it and uses it without type checking. A type confusion vulnerability can be very dangerous because, at a lower level, a type is expressed as a layout of memory. With type confusion, the wrong function pointers or data are fed into the piece of code. In some circumstances this can also lead to code execution.

As of now, no proof of concept is available for this vulnerability.

Affected Products:

Firefox versions prior to 72.0.1
Firefox ESR versions prior to 68.4.1

Mitigation:

Mozilla released Firefox 72.0.1 and Firefox ESR 68.4.1 to address CVE-2019-17026. Firefox users are advised to upgrade as soon as possible because this vulnerability has been exploited in targeted attacks.

Qualys customers can use QID: 372325 to detect vulnerable assets. Please continue to follow Qualys Threat Protection for more coverage of these vulnerabilities.
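
For assets checked by hand or from a software inventory, the version comparison against the fixed releases above can be scripted. The following is an added example, not part of the original advisory or any Qualys tooling; it assumes version strings in the form printed by `firefox --version`, with ESR builds marked by an "esr" suffix, and the host names and sample inventory are constructed.

```python
import re

# Fixed versions stated in the advisory above.
FIXED_RELEASE = (72, 0, 1)
FIXED_ESR = (68, 4, 1)

# Assumption: strings look like `firefox --version` output, and ESR builds
# carry an "esr" suffix (e.g. "Mozilla Firefox 68.4.0esr").
_VERSION_RE = re.compile(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_esr), or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    # Missing components ("72.0") are treated as 0 so tuples compare correctly.
    numbers = tuple(int(part or 0) for part in m.group(1, 2, 3))
    return numbers, m.group(4) is not None


def classify(text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one version string."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"  # do not silently treat unparseable input as safe
    numbers, is_esr = parsed
    fixed = FIXED_ESR if is_esr else FIXED_RELEASE
    return "vulnerable" if numbers < fixed else "fixed"


def audit(inventory):
    """Map each host to its classification; inventory is {host: version string}."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical host names).
SAMPLE = {
    "ws-001": "Mozilla Firefox 72.0",
    "ws-002": "Mozilla Firefox 72.0.1",
    "ws-003": "Mozilla Firefox 68.4.0esr",
    "ws-004": "Mozilla Firefox 68.4.1esr",
    "ws-005": "firefox: command not found",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check rather than being counted as patched.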

References & Sources:

  • https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/#CVE-2019-17026
