mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 02:45:46 +02:00
0xMarcio
1.6 KiB
1.6 KiB
CVE-2019-9791
Description
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
POC
Reference
Github
- https://github.com/RUB-SysSec/JIT-Picker
- https://github.com/Sp0pielar/CVE-2019-9791
- https://github.com/ZihanYe/web-browser-vulnerabilities
- https://github.com/googleprojectzero/fuzzilli
- https://github.com/otravidaahora2t/js-vuln-db
- https://github.com/tunz/js-vuln-db
- https://github.com/ulexec/Exploits
- https://github.com/zhangjiahui-buaa/MasterThesis