Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-9818

Опубликовано: 23 июл. 2019
Источник: debian

Описание

A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxnot-affectedpackage
firefox-esrnot-affectedpackage
thunderbirdnot-affectedpackage

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9818

  • https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9818

  • https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9818

Связанные уязвимости

ubuntu логотип

CVE-2019-9818

CVSS3: 8.3
ubuntu
больше 6 лет назад

A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

redhat логотип

CVE-2019-9818

CVSS3: 7.5
redhat
больше 6 лет назад

A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

nvd логотип

CVE-2019-9818

CVSS3: 8.3
nvd
больше 6 лет назад

A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

github логотип

GHSA-r9p3-38m2-qxq8

github
больше 3 лет назад

A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

fstec логотип

BDU:2021-03830

CVSS3: 8.8
fstec
больше 5 лет назад

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, вызванная ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю выйти из изолированной программной среды