CVE-2019-11752
27.09.2019, 18:15
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.Enginsight
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 < 69.0 |
| mozilla | firefox_esr | 𝑥 < 60.9.0 |
| mozilla | firefox_esr | 68.0 ≤ 𝑥 < 68.1.0 |
| mozilla | thunderbird | 𝑥 < 60.9.0 |
| mozilla | thunderbird | 68.0 ≤ 𝑥 < 68.1.0 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||
| firefox-esr |
| ||||||||||||
| thunderbird |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||||||||||||||||
| mozjs38 |
| ||||||||||||||||||||||||||||
| mozjs52 |
| ||||||||||||||||||||||||||||
| mozjs60 |
| ||||||||||||||||||||||||||||
| thunderbird |
|
Common Weakness Enumeration
References