Arbitrary code execution vulnerability via use of previously freed objects in Responsive Design Mode in Mozilla Firefox ESR, Thunderbird, and Firefox
Description
When Responsive Design Mode is enabled, it uses references to objects that were previously freed. An attacker could exploit this to execute arbitrary code.
Affected software versions
- Firefox ESR before version 78.10
- Thunderbird before version 78.10
- Firefox before version 88
Vulnerability type
Arbitrary code execution
CVSS3: 8.8 High
CVSS2: 5.1 Medium
Related vulnerabilities
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Vulnerability in the Responsive Design Mode of the Thunderbird mail client and the Firefox and Firefox ESR browsers that allows an attacker to execute arbitrary code