Bug 1690678 (CVE-2019-9793) - CVE-2019-9793 Mozilla: Improper bounds checks when Spectre mitigations are disabled
Summary: CVE-2019-9793 Mozilla: Improper bounds checks when Spectre mitigations are di...
Status: CLOSED ERRATA
Alias: CVE-2019-9793
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20190320,repo...
Keywords: Security
Depends On: 1688867 1690496 1690692 1703894 1688866 1688868 1690494 1690495 1703888 1703893
Blocks: 1688735 1690493
TreeView+ depends on / blocked
 
Reported: 2019-03-20 02:14 UTC by Doran Moppert
Modified: 2019-06-10 10:51 UTC (History)
4 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2019-06-10 10:51:24 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:0622 None None None 2019-03-20 15:11 UTC
Red Hat Product Errata RHSA-2019:0623 None None None 2019-03-20 15:21 UTC
Red Hat Product Errata RHSA-2019:0680 None None None 2019-03-28 14:48 UTC
Red Hat Product Errata RHSA-2019:0681 None None None 2019-03-28 14:49 UTC
Red Hat Product Errata RHSA-2019:0966 None None None 2019-05-07 04:18 UTC
Red Hat Product Errata RHSA-2019:1144 None None None 2019-05-13 05:03 UTC

Description Doran Moppert 2019-03-20 02:14:33 UTC
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. 

 *Note: Spectre mitigations are currently enabled for all users by default settings.*



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9793

Comment 1 Doran Moppert 2019-03-20 02:14:36 UTC
Acknowledgments:

Name: the Mozilla project
Upstream: Bruno Keith & Niklas Baumstark (the phoenhex team)

Comment 3 errata-xmlrpc 2019-03-20 15:11:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:0622 https://access.redhat.com/errata/RHSA-2019:0622

Comment 4 errata-xmlrpc 2019-03-20 15:21:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:0623 https://access.redhat.com/errata/RHSA-2019:0623

Comment 5 errata-xmlrpc 2019-03-28 14:48:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:0680 https://access.redhat.com/errata/RHSA-2019:0680

Comment 6 errata-xmlrpc 2019-03-28 14:49:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:0681 https://access.redhat.com/errata/RHSA-2019:0681

Comment 8 errata-xmlrpc 2019-05-07 04:18:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:0966

Comment 9 errata-xmlrpc 2019-05-13 05:03:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1144 https://access.redhat.com/errata/RHSA-2019:1144


Note You need to log in before you can comment on or make changes to this bug.