PT-2019-5130 · Mozilla+5 · Firefox Esr+7

Looben Yang

·

Published

2019-11-29

·

Updated

2024-12-12

·

CVE-2019-17008

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 71 Firefox ESR versions prior to 68.3 Thunderbird versions prior to 68.3
Description The issue is related to the use of nested workers in browsers, which can lead to a use-after-free condition during worker destruction, resulting in a potentially exploitable crash. This could allow a remote attacker to gain unauthorized access to confidential data, cause a denial of service, and impact data integrity.
Recommendations For Firefox versions prior to 71, update to version 71 or later. For Firefox ESR versions prior to 68.3, update to version 68.3 or later. For Thunderbird versions prior to 68.3, update to version 68.3 or later.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2019-3237
ALT-PU-2019-3239
ALT-PU-2019-3264
ALT-PU-2020-1166
ALT-PU-2020-1515
ALT-PU-2020-1617
ALT-PU-2020-2408
ALT-PU-2020-2933
ALT-PU-2021-1368
BDU:2020-01797
CESA-2019_4107
CESA-2019_4108
CESA-2019_4111
CESA-2019_4148
CESA-2019_4195
CESA-2019_4205
CVE-2019-17008
DLA-2029-1
DLA-2036-1
DSA-4580-1
DSA-4585-1
MGASA-2019-0376
MGASA-2019-0377
OPENSUSE-SU-2020:0002-1
OPENSUSE-SU-2020:0003-1
OPENSUSE-SU-2020_0002-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2019:4107
RHSA-2019:4108
RHSA-2019:4111
RHSA-2019:4148
RHSA-2019:4195
RHSA-2019:4205
RHSA-2019_4107
RHSA-2019_4108
RHSA-2019_4111
RHSA-2019_4148
RHSA-2019_4195
RHSA-2019_4205
RHSA-2020:0292
RHSA-2020:0295
SUSE-SU-2019:14260-1
SUSE-SU-2019:3337-1
SUSE-SU-2019:3339-1
SUSE-SU-2019:3347-1
SUSE-SU-2019_14260-1
USN-4216-1
USN-4216-2
USN-4241-1
USN-4335-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu