CVE-2019-17011Race Condition in Mozilla Firefox

CWE-362Race ConditionCWE-416Use After Free13 documents8 sources
Severity
7.5HIGHNVD
OSV8.8
EPSS
1.3%
top 20.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla ThunderbirdMozilla FirefoxMozilla Firefox ESR+2 more
Timeline
PublishedJan 8
Latest updateMay 24

Description

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages9 packages

NVDmozilla/firefox< 71.0
Debianmozilla/thunderbird< 1:68.3.0-1+3
Ubuntumozilla/thunderbird< 1:68.7.0+build1-0ubuntu0.16.04.2+1

Also affects: Ubuntu Linux 16.04, 18.04, 19.10

🔴Vulnerability Details

5
GHSA
GHSA-qqwr-j46x-f6mj: Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition2022-05-24
OSV
thunderbird vulnerabilities2020-04-21
OSV
thunderbird vulnerabilities2020-01-16
CVEList
CVE-2019-17011: Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition2020-01-08
OSV
CVE-2019-17011: Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition2020-01-08

📋Vendor Advisories

6
Ubuntu
Thunderbird vulnerabilities2020-04-21
Ubuntu
Thunderbird vulnerabilities2020-01-16
Ubuntu
Firefox vulnerabilities2019-12-13
Ubuntu
Firefox vulnerabilities2019-12-09
Red Hat
Mozilla: Use-after-free when retrieving a document in antitracking2019-12-03

💬Community

1
Bugzilla
CVE-2019-17011 Mozilla: Use-after-free when retrieving a document in antitracking2019-12-04
CVE-2019-17011 — Race Condition in Mozilla Firefox | cvebase