Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/#CVE-2019-17026
Acknowledgments: Name: the Mozilla project Upstream: Qihoo 360 ATA
*** Bug 1788980 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0086 https://access.redhat.com/errata/RHSA-2020:0086
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0085 https://access.redhat.com/errata/RHSA-2020:0085
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-17026
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0111 https://access.redhat.com/errata/RHSA-2020:0111
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0123 https://access.redhat.com/errata/RHSA-2020:0123
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0120 https://access.redhat.com/errata/RHSA-2020:0120
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0127 https://access.redhat.com/errata/RHSA-2020:0127
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0292 https://access.redhat.com/errata/RHSA-2020:0292
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0295 https://access.redhat.com/errata/RHSA-2020:0295