Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-9796

Опубликовано: 26 апр. 2019
Источник: ubuntu
Приоритет: medium
CVSS2: 7.5
CVSS3: 9.8

Описание

A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

РелизСтатусПримечание
bionic

released

66.0+build3-0ubuntu0.18.04.1
cosmic

released

66.0+build3-0ubuntu0.18.10.1
devel

released

66.0+build3-0ubuntu1
disco

released

66.0+build3-0ubuntu1
eoan

released

66.0+build3-0ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [66.0.1+build1-0ubuntu0.14.04.1]]
esm-infra/focal

DNE

focal

released

66.0+build3-0ubuntu1
groovy

released

66.0+build3-0ubuntu1
hirsute

released

66.0+build3-0ubuntu1

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

ignored

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
cosmic

ignored

end of life
devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-apps/focal

ignored

esm-infra-legacy/trusty

DNE

esm-infra/bionic

ignored

focal

ignored

groovy

ignored

end of life

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

ignored

end of life
devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

РелизСтатусПримечание
bionic

released

1:60.6.1+build2-0ubuntu0.18.04.1
cosmic

released

1:60.6.1+build2-0ubuntu0.18.10.1
devel

released

60.6.1+build2-0ubuntu1
disco

released

60.6.1+build2-0ubuntu1
eoan

released

60.6.1+build2-0ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [1:60.6.1+build2-0ubuntu0.14.04.1]]
esm-infra/focal

DNE

focal

released

60.6.1+build2-0ubuntu1
groovy

released

60.6.1+build2-0ubuntu1
hirsute

released

60.6.1+build2-0ubuntu1

Показывать по

Ссылки на источники

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-9796

CVSS3: 9.8
redhat
почти 7 лет назад

A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

nvd логотип

CVE-2019-9796

CVSS3: 9.8
nvd
почти 7 лет назад

A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

debian логотип

CVE-2019-9796

CVSS3: 9.8
debian
почти 7 лет назад

A use-after-free vulnerability can occur when the SMIL animation contr ...

github логотип

GHSA-43x5-8m6r-mx5q

CVSS3: 9.8
github
больше 3 лет назад

A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

fstec логотип

BDU:2020-00746

CVSS3: 9.8
fstec
почти 7 лет назад

Уязвимость контроллера анимации SMIL почтового клиента Thunderbird и браузеров Firefox и Firefox ESR, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность

7.5 High

CVSS2

9.8 Critical

CVSS3