Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2019-11691 - log back

CVE-2019-11691 created at 25 Sep 2019 19:31:40

Severity

+

Critical

Remote

+

Remote

Type

+	Arbitrary code execution

Description

+	A use-after-free vulnerability can occur in Firefox before 67.0 and Thunderbird before 60.7.0, when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash.

References

+	https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11691
+	https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11691
+	https://bugzilla.mozilla.org/show_bug.cgi?id=1542465

Notes