Описание
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 6 | firefox | Fixed | RHSA-2019:1765 | 11.07.2019 |
| Red Hat Enterprise Linux 6 | thunderbird | Fixed | RHSA-2019:1777 | 15.07.2019 |
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2019:1763 | 11.07.2019 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2019:1775 | 15.07.2019 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2019:1764 | 11.07.2019 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2019:1799 | 16.07.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/ ...
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Уязвимость реализации сетевого протокола HTTP/2 браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
9.8 Critical
CVSS3