CVE-2019-17011

 

Published at: - 08-01-2020 11:15

Last modified: - 24-09-2022 03:03

Total changes: - 4

Description

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://bugzilla.mozilla.org/show_bug.cgi?id=1591334
• https://www.mozilla.org/security/advisories/mfsa2019-38/
• https://www.mozilla.org/security/advisories/mfsa2019-37/
• https://www.mozilla.org/security/advisories/mfsa2019-36/
• openSUSE-SU-2020:0002-Mailing List, Third Party Advisory
• openSUSE-SU-2020:0003-Mailing List, Third Party Advisory
• USN-4241-1-Third Party Advisory
• RHSA-2020:0295-Third Party Advisory
• RHSA-2020:0292-Third Party Advisory
• GLSA-202003-02-Third Party Advisory
• GLSA-202003-10-Third Party Advisory
• USN-4335-1-Third Party Advisory

 

Keywords

NVD

 

CVE-2019-17011

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures