PT-2019-4807 · Mozilla+5 · Firefox ESR+7
Nils · Published 2019-12-03 · Updated 2024-12-12
CVE-2019-17011
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 71
Firefox ESR versions prior to 68.3
Thunderbird versions prior to 68.3
Description
The issue is related to an error in extracting a document from DocShell, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash.
Recommendations
For Firefox versions prior to 71, update to version 71 or later to resolve the issue.
For Firefox ESR versions prior to 68.3, update to version 68.3 or later to resolve the issue.
For Thunderbird versions prior to 68.3, update to version 68.3 or later to resolve the issue.
Exploit
Fix
Race Condition
Use After Free
Related Identifiers
Affected Products
ALT Linux
CentOS
Firefox
Firefox ESR
Red Hat
SUSE
Thunderbird
Ubuntu