CVE-2019-11757 log

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
A use-after-free issue has been found in the IndexedDB component of Firefox before 70.0 and Thunderbird before 68.2. When storing a value in IndexedDB, the value's prototype chain is followed and it was possible to retain a reference to a locale, delete it, and subsequently reference it.
Group Package Affected Fixed Severity Status Ticket
AVG-1055 firefox 69.0.3-1 70.0-1 Critical Fixed
AVG-1054 thunderbird 68.1.1-1 68.2.0-1 Critical Fixed
Date Advisory Group Package Severity Description
26 Oct 2019 ASA-201910-16 AVG-1055 firefox Critical multiple issues
26 Oct 2019 ASA-201910-15 AVG-1054 thunderbird Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11757
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11757
https://bugzilla.mozilla.org/show_bug.cgi?id=1577107