When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Reporter | Title | Published | Views | Family All 146 |
---|---|---|---|---|
Cvelist | CVE-2019-11757 | 8 Jan 202019:26 | – | cvelist |
Veracode | Denial Of Service (DoS) | 24 Oct 201900:22 | – | veracode |
NVD | CVE-2019-11757 | 8 Jan 202020:15 | – | nvd |
CVE | CVE-2019-11757 | 8 Jan 202020:15 | – | cve |
Prion | Design/Logic Flaw | 8 Jan 202020:15 | – | prion |
AlpineLinux | CVE-2019-11757 | 8 Jan 202020:15 | – | alpinelinux |
Debian CVE | CVE-2019-11757 | 8 Jan 202020:15 | – | debiancve |
RedhatCVE | CVE-2019-11757 | 23 Oct 201906:20 | – | redhatcve |
IBM Security Bulletins | Security Bulletin: Multiple vulnerabilities of Mozzila Firefox (less than Firefox 68.2.0 ESR) have affected Synthetic Playback Agent 8.1.4.0 - 8.1.4 IF09 | 19 Dec 201905:23 | – | ibm |
Tenable Nessus | Debian DLA-1987-1 : firefox-esr security update | 12 Nov 201900:00 | – | nessus |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | firefox | 70.0+build2-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 19.04 | noarch | firefox | 70.0+build2-0ubuntu0.19.04.1 | UNKNOWN |
ubuntu | 19.10 | noarch | firefox | 70.0+build2-0ubuntu0.19.10.1 | UNKNOWN |
ubuntu | 20.04 | noarch | firefox | 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 20.10 | noarch | firefox | 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 21.04 | noarch | firefox | 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 21.10 | noarch | firefox | 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 22.04 | noarch | firefox | 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | firefox | 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 23.04 | noarch | firefox | 70.0+build2-0ubuntu1 | UNKNOWN |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo