Описание
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| firefox | fixed | 93.0-1 | package | |
| firefox-esr | fixed | 91.3.0esr-1 | package | |
| thunderbird | fixed | 1:91.3.0-1 | package |
Примечания
https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-43535
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535
EPSS
Связанные уязвимости
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.
Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с использованием памяти после её освобождения, позволяющая нарушителю выполнить произвольный код
EPSS