Mozilla Firefox、Firefox ESR和Thunderbird IonMonkey JIT compiler 安全漏洞

CNNVD-ID编号	CNNVD-202001-297
CVE编号	CVE-2019-17026
发布时间	2020-01-09
更新时间	2020-05-27
漏洞类型	其他
漏洞来源	Qihoo 360 ATA,Ubuntu,Debian,Red Hat,Gentoo
危险等级	高危
威胁类型	远程
厂商	N/A

漏洞介绍

Mozilla Firefox等都是美国Mozilla（Mozilla）基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。IonMonkey JIT compiler是其中的一个JIT编译器。Mozilla Thunderbird是一套从Mozilla Application Suite独立出来的电子邮件客户端软件。该软件支持IMAP、POP邮件协议以及HTML邮件格式。

Mozilla Firefox 72.0.1之前版本、Firefox ESR 68.4.1之前版本和Thunderbird 68.4.1之前版本中的IonMonkey JIT compiler存在类型混淆漏洞。远程攻击者可利用该漏洞执行任意代码或导致拒绝服务。

漏洞补丁

目前厂商已发布升级了Mozilla Firefox、Firefox ESR和Thunderbird IonMonkey JIT compiler 安全漏洞的补丁，Mozilla Firefox、Firefox ESR和Thunderbird IonMonkey JIT compiler 安全漏洞的补丁获取链接：

https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/

https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/

参考网址

来源:MISC

链接：https://bugzilla.mozilla.org/show_bug.cgi?id=1607443
来源:GENTOO

链接：https://security.gentoo.org/glsa/202003-02
来源:MISC

链接：https://www.mozilla.org/security/advisories/mfsa2020-03/
来源:MISC

链接：https://www.mozilla.org/security/advisories/mfsa2020-04/
来源:usn.ubuntu.com

链接：https://usn.ubuntu.com/4241-1/
来源:www.us-cert.gov

链接：https://www.us-cert.gov/ncas/current-activity/2020/01/08/mozilla-patches-critical-vulnerability
来源:www.mozilla.org

链接：https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
来源:access.redhat.com

链接：https://access.redhat.com/errata/RHSA-2020:0111
来源:www.debian.org

链接：https://www.debian.org/lts/security/2020/dla-2093
来源:www.debian.org

链接：https://www.debian.org/security/2020/dsa-4603
来源:access.redhat.com

链接：https://access.redhat.com/errata/RHSA-2020:0086
来源:access.redhat.com

链接：https://access.redhat.com/errata/RHSA-2020:0085
来源:www.suse.com

链接：https://www.suse.com/support/update/announcement/2020/suse-su-202014268-1.html
来源:www.suse.com

链接：https://www.suse.com/support/update/announcement/2020/suse-su-20200142-1.html
来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/Mozilla-Firefox-memory-corruption-via-IonMonkey-JIT-Compiler-31273
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157345/Ubuntu-Security-Notice-USN-4335-1.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0206/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0128/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156704/Gentoo-Linux-Security-Advisory-202003-02.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/155970/Red-Hat-Security-Advisory-2020-0127-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156000/Debian-Security-Advisory-4603-1.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0078/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0386/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0210/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156158/Red-Hat-Security-Advisory-2020-0295-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/155892/Debian-Security-Advisory-4600-1.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0152/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0118/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0195/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0194/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/155932/Red-Hat-Security-Advisory-2020-0085-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/155955/Red-Hat-Security-Advisory-2020-0111-01.html
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2019-17026
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1387/

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202001-297