Описание
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| firefox | fixed | 71.0-1 | package | |
| firefox-esr | fixed | 68.3.0esr-1 | package | |
| thunderbird | fixed | 1:68.3.0-1 | package |
Примечания
https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17008
https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17008
https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17008
EPSS
Связанные уязвимости
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
Уязвимость механизма использования nested workers браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использование области памяти после её освобождения, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании и оказать воздействие на целостность данных
EPSS