CVE-2019-11691 - log back

CVE-2019-11691 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability can occur in Firefox before 67.0 and Thunderbird before 60.7.0, when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11691
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11691
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1542465
Notes