Описание
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 94.0+build3-0ubuntu0.18.04.1 |
| devel | not-affected | 94.0+build3-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | not-affected | 94.0+build3-0ubuntu0.20.04.1 |
| hirsute | not-affected | 94.0+build3-0ubuntu0.21.04.1 |
| impish | not-affected | 94.0+build3-0ubuntu0.21.10.1 |
| jammy | not-affected | 94.0+build3-0ubuntu1 |
| kinetic | not-affected | 94.0+build3-0ubuntu1 |
| lunar | not-affected | 94.0+build3-0ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:91.5.0+build1-0ubuntu0.18.04.1 |
| devel | not-affected | 1:91.3.1+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | released | 1:91.5.0+build1-0ubuntu0.20.04.1 |
| hirsute | ignored | end of life |
| impish | not-affected | 1:91.3.1+build1-0ubuntu0.21.10.1 |
| jammy | not-affected | 1:91.3.1+build1-0ubuntu1 |
| kinetic | not-affected | 1:91.3.1+build1-0ubuntu1 |
| lunar | not-affected | 1:91.3.1+build1-0ubuntu1 |
Показывать по
Ссылки на источники
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.
A use-after-free could have occured when an HTTP2 session object was r ...
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.
Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с использованием памяти после её освобождения, позволяющая нарушителю выполнить произвольный код
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3