Уязвимость типа "использование после освобождения" (use-after-free) при работе с MessagePort в Firefox, Firefox ESR и Thunderbird
Описание
Существовала возможность использования объекта MessagePort после его освобождения, что могло привести к эксплуатируемому аварийному завершению работы.
Затронутые версии ПО
- Firefox < 120
- Firefox ESR < 115.5.0
- Thunderbird < 115.5
Тип уязвимости
- Использование после освобождения (Use-After-Free)
- Аварийное завершение работы (crash)
Ссылки
- Issue TrackingPermissions Required
- Mailing List
- Third Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Issue TrackingPermissions Required
- Mailing List
- Third Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
6.5 Medium
CVSS3
Дефекты
Связанные уязвимости
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
It was possible to cause the use of a MessagePort after it had already ...
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0.
Уязвимость функции MessagePort::Entangled() браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании или оказать иное воздействие
EPSS
6.5 Medium
CVSS3