CVE-2019-17008

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

Race condition

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

Design/Logic Flaw

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

Memory corruption

During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR...

Race condition

Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

Design/Logic Flaw

The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVE-2019-17011

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVE-2019-17011

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVE-2019-17010

Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVE-2019-17010

Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVE-2019-17008

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVE-2019-17008

CVE-2019-17008 describes a use-after-free vulnerability that can occur during the destruction of nested workers, leading to a potentially exploitable crash. Affected products include Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox

CVE-2019-17008

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVE-2019-17008

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVE-2019-17005

The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVE-2019-17005

The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

Stack overflow

A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox 70, Thunderbird 68.2, and Firefox ESR 68.2...

Design/Logic Flaw

When encrypting with a block cipher, if a call to NSCEncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, an...

CVE-2019-11760

A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox 70, Thunderbird 68.2, and Firefox ESR 68.2...

CVE-2019-11757

CVE-2019-11757 affects Mozilla Firefox (versions before 70) and Firefox ESR (before 68.2) as well as Thunderbird (before 68.2). The issue stems from following a value’s prototype chain, which allowed retaining a reference to a locale, deleting it, and then referencing it again, causing a use-afte...