Описание
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-11757
- https://bugzilla.mozilla.org/show_bug.cgi?id=1577107
- https://security.gentoo.org/glsa/202003-10
- https://usn.ubuntu.com/4335-1
- https://www.mozilla.org/security/advisories/mfsa2019-33
- https://www.mozilla.org/security/advisories/mfsa2019-34
- https://www.mozilla.org/security/advisories/mfsa2019-35
Связанные уязвимости
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
When following the value's prototype chain, it was possible to retain ...
Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная связанна с ошибкой сохранения цепочки файлов, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании