CVE Vulnerabilities

CVE-2019-17026

Access of Resource Using Incompatible Type ('Type Confusion')

Published: Mar 02, 2020 | Modified: May 13, 2021
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
8.8 CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Ubuntu

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.

Weakness

The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * *
Firefox_esr Mozilla * *
Thunderbird Mozilla * *
Red Hat Enterprise Linux 6 RedHat firefox-0:68.4.1-1.el6_10 *
Red Hat Enterprise Linux 6 RedHat thunderbird-0:68.4.1-2.el6_10 *
Red Hat Enterprise Linux 7 RedHat firefox-0:68.4.1-1.el7_7 *
Red Hat Enterprise Linux 7 RedHat thunderbird-0:68.4.1-2.el7_7 *
Red Hat Enterprise Linux 8 RedHat firefox-0:68.4.1-1.el8_1 *
Red Hat Enterprise Linux 8 RedHat thunderbird-0:68.4.1-2.el8_1 *
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions RedHat thunderbird-0:68.4.1-2.el8_0 *
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions RedHat firefox-0:68.4.1-1.el8_0 *
Firefox Ubuntu bionic *
Firefox Ubuntu devel *
Firefox Ubuntu disco *
Firefox Ubuntu eoan *
Firefox Ubuntu esm-infra/xenial *
Firefox Ubuntu focal *
Firefox Ubuntu groovy *
Firefox Ubuntu hirsute *
Firefox Ubuntu impish *
Firefox Ubuntu jammy *
Firefox Ubuntu trusty *
Firefox Ubuntu upstream *
Firefox Ubuntu xenial *
Mozjs52 Ubuntu disco *
Mozjs52 Ubuntu eoan *
Mozjs52 Ubuntu groovy *
Mozjs60 Ubuntu disco *
Mozjs60 Ubuntu eoan *
Thunderbird Ubuntu bionic *
Thunderbird Ubuntu devel *
Thunderbird Ubuntu disco *
Thunderbird Ubuntu eoan *
Thunderbird Ubuntu esm-infra/xenial *
Thunderbird Ubuntu focal *
Thunderbird Ubuntu groovy *
Thunderbird Ubuntu hirsute *
Thunderbird Ubuntu impish *
Thunderbird Ubuntu jammy *
Thunderbird Ubuntu trusty *
Thunderbird Ubuntu upstream *
Thunderbird Ubuntu xenial *

Extended Description

When the program accesses the resource using an incompatible type, this could trigger logical errors because the resource does not have expected properties. In languages without memory safety, such as C and C++, type confusion can lead to out-of-bounds memory access. While this weakness is frequently associated with unions when parsing data with many different embedded object types in C, it can be present in any application that can interpret the same variable or memory location in multiple ways. This weakness is not unique to C and C++. For example, errors in PHP applications can be triggered by providing array parameters when scalars are expected, or vice versa. Languages such as Perl, which perform automatic conversion of a variable of one type when it is accessed as if it were another type, can also contain these issues.

References