CVE-2019-9792:IonMonkey JIT leaks the internal JS_OPTIMIZED_OUT magic value to the running script during bailout, enabling memory corruption and potentially an exploitable crash. Affected products include Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

splash
Back

Description Preview

The vulnerability (CVE-2019-9792) arises from the IonMonkey just-in-time (JIT) compiler leaking an internal JS_OPTIMIZED_OUT magic value to the executing script during a bailout. An attacker could leverage this leaked value within JavaScript to induce memory corruption, which can lead to a potentially exploitable crash. This issue affects Mozilla products including Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Public advisories from Mozilla (MFSA 2019-07, 2019-08, 2019-11) and related vendor notices describe the impact and fixes; Red Hat also published advisories (RHSA-2019:0966 and RHSA-2019:1144) addressing affected components. The vulnerability provides a concrete example of how JIT optimizations can impact memory safety in JavaScript engines.

Overview

The IonMonkey JIT compiler leak leads to exposure of a critical internal value (JS_OPTIMIZED_OUT) during bailout, enabling JavaScript to cause memory corruption and potentially crash the process. This affects Thunderbird before 60.6, Firefox ESR before 60.6, and Firefox before 66. The issue was disclosed in Mozilla advisories and corresponding vendor advisories, with remediation implemented in newer browser versions.

Remediation

  • Upgrade Thunderbird to version 60.6 or later.
  • Upgrade Firefox ESR to version 60.6 or later.
  • Upgrade Firefox to version 66 or later.
  • Apply the latest security updates for your operating system and applications; enable automatic updates where possible.
  • If upgrading is not feasible, review and apply mitigations or guidance from the vendor advisories (e.g., RHSA-2019:0966 and RHSA-2019:1144) and monitor for any additional patches or workarounds.
  • After applying updates, verify versions to confirm deployment of the fixes and perform basic functionality checks.

References

  • https://www.mozilla.org/security/advisories/mfsa2019-07/
  • https://www.mozilla.org/security/advisories/mfsa2019-08/
  • https://www.mozilla.org/security/advisories/mfsa2019-11/
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1532599
  • https://access.redhat.com/errata/RHSA-2019:0966
  • https://access.redhat.com/errata/RHSA-2019:1144
  • http://packetstormsecurity.com/files/153106/Spidermonkey-IonMonkey-JS_OPTIMIZED_OUT-Value-Leak.html

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Public Administration: Medium
    Public Administration
  2. Manufacturing: Medium
    Manufacturing
  3. Health Care & Social Assistance: Medium
    Health Care & Social Assistance
  4. Educational Services: Medium
    Educational Services
  5. Transportation & Warehousing: Medium
    Transportation & Warehousing
  6. Professional, Scientific, & Technical Services: Medium
    Professional, Scientific, & Technical Services
  7. Retail Trade: Medium
    Retail Trade
  8. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  9. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  10. Finance and Insurance: Low
    Finance and Insurance
  11. Utilities: Low
    Utilities
  12. Information: Low
    Information
  13. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  14. Accommodation & Food Services: Low
    Accommodation & Food Services
  15. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  16. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  17. Construction: Low
    Construction
  18. Mining: Low
    Mining
  19. Wholesale Trade: Low
    Wholesale Trade
  20. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background