github - ghsa-qqwr-j46x-f6mj

ghsa-qqwr-j46x-f6mj

Vulnerability from github

Published

2022-05-24 17:05

Modified

2022-05-24 17:05

Severity

7.5 (High) - CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-17011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-08T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
  "id": "GHSA-qqwr-j46x-f6mj",
  "modified": "2022-05-24T17:05:49Z",
  "published": "2022-05-24T17:05:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17011"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0292"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0295"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1591334"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-02"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-10"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4241-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4335-1"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-36"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-37"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-38"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2019-17011

Vulnerability from cvelistv5

Published

2020-01-08 21:23

Modified

2024-08-05 01:24

Severity

Summary

References

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=1591334	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2019-36/	x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2019-38/	x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2019-37/	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html	vendor-advisory, x_refsource_SUSE
https://usn.ubuntu.com/4241-1/	vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2020:0292	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0295	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/202003-02	vendor-advisory, x_refsource_GENTOO
https://security.gentoo.org/glsa/202003-10	vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/4335-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

Vendor	Product
Mozilla	Thunderbird
Mozilla	Firefox ESR
Mozilla	Firefox

Show details on NVD website