It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | edge-community | noarch | firefox-esr | < 68.1.0-r0 | UNKNOWN |
Alpine | 3.10-community | noarch | firefox-esr | < 69.9.0-r0 | UNKNOWN |
Alpine | 3.11-community | noarch | firefox-esr | < 68.1.0-r0 | UNKNOWN |
Alpine | 3.12-community | noarch | firefox-esr | < 68.1.0-r0 | UNKNOWN |
Alpine | 3.13-community | noarch | firefox-esr | < 68.1.0-r0 | UNKNOWN |
Alpine | 3.14-community | noarch | firefox-esr | < 68.1.0-r0 | UNKNOWN |
Alpine | 3.15-community | noarch | firefox-esr | < 68.1.0-r0 | UNKNOWN |
Alpine | 3.16-community | noarch | firefox-esr | < 68.1.0-r0 | UNKNOWN |
Alpine | 3.17-community | noarch | firefox-esr | < 68.1.0-r0 | UNKNOWN |
Alpine | 3.18-community | noarch | firefox-esr | < 68.1.0-r0 | UNKNOWN |