Mozilla released security updates for Firefox 60 and newly released version Firefox 66 browser to address two critical vulnerabilities.
The updates for Firefox 60.6.1 and 66.6.1 both include the same fixes for critical IonMonkey vulnerabilities that could lead remote attackers to take control of affected systems.
A description of each of the bugs are listed below:
IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810): “Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.”
Ionmonkey type confusion with proto mutations (CVE-2019-9813): “Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.”