Описание
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
A flaw was found in Mozilla Firefox and Thunderbird. When running shutdown code for Web Worker, a race condition occurs leading to a use-after-free memory flaw that could lead to an exploitable crash. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 5 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 6 | firefox | Fixed | RHSA-2020:2036 | 06.05.2020 |
| Red Hat Enterprise Linux 6 | thunderbird | Fixed | RHSA-2020:2049 | 11.05.2020 |
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2020:2037 | 06.05.2020 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2020:2050 | 11.05.2020 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2020:2031 | 06.05.2020 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2020:2046 | 11.05.2020 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | firefox | Fixed | RHSA-2020:2033 | 06.05.2020 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2020:2048 | 11.05.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
A race condition when running shutdown code for Web Worker led to a us ...
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Уязвимость средства для запуска сценариев Web Worker веб-браузеров Firefox ESR и Firefox и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
8.8 High
CVSS3