PT-2019-4612 · Mozilla+5 · Firefox Esr+7

Nils

·

Publicado

2019-03-19

·

Atualizado

2024-12-12

·

CVE-2019-9796

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 60.6 Firefox ESR versions prior to 60.6 Firefox versions prior to 66
Description A use-after-free issue occurs due to the SMIL animation controller incorrectly registering with the refresh driver twice. This leaves a dangling pointer to the driver's observer array when the animation controller element is removed, potentially allowing a remote attacker to gain unauthorized access to information and compromise its integrity.
Recommendations For Thunderbird versions prior to 60.6, update to version 60.6 or later. For Firefox ESR versions prior to 60.6, update to version 60.6 or later. For Firefox versions prior to 66, update to version 66 or later.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2019-1486
ALT-PU-2019-1497
ALT-PU-2019-1561
ALT-PU-2019-2324
ALT-PU-2019-2486
BDU:2020-00746
CESA-2019_0622
CESA-2019_0623
CESA-2019_0680
CESA-2019_0681
CESA-2019_0966
CESA-2019_1144
CVE-2019-9796
DLA-1722-1
DLA-1743-1
DSA-4411-1
DSA-4420-1
MGASA-2019-0116
MGASA-2019-0129
OPENSUSE-SU-2019:1077-1
OPENSUSE-SU-2019:1126-1
OPENSUSE-SU-2019:1162-1
OPENSUSE-SU-2019_1056-1
OPENSUSE-SU-2019_1077-1
OPENSUSE-SU-2019_1162-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
RHSA-2019:0622
RHSA-2019:0623
RHSA-2019:0680
RHSA-2019:0681
RHSA-2019:0966
RHSA-2019:1144
RHSA-2019_0622
RHSA-2019_0623
RHSA-2019_0680
RHSA-2019_0681
RHSA-2019_0966
RHSA-2019_1144
SUSE-SU-2019:0852-1
SUSE-SU-2019:0853-1
SUSE-SU-2019:0871-1
USN-3918-1
USN-3918-2
USN-3918-3
USN-3918-4
USN-3927-1

Produtos afetados

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu