CVE-2019-11691 log

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
A use-after-free vulnerability can occur in Firefox before 67.0 and Thunderbird before 60.7.0, when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash.
Group Package Affected Fixed Severity Status Ticket
AVG-966 firefox 66.0.5-1 67.0-1 Critical Fixed
AVG-965 thunderbird 60.6.1-2 60.7.0-1 Critical Fixed
Date Advisory Group Package Severity Description
23 May 2019 ASA-201905-9 AVG-966 firefox Critical multiple issues
23 May 2019 ASA-201905-8 AVG-965 thunderbird Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11691
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11691
https://bugzilla.mozilla.org/show_bug.cgi?id=1542465