CVE-2019-9796
Mozilla: Use-after-free with SMIL animation controller
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Una vulnerabilidad de uso después de liberación de memoria puede darse cuando el controlador de animación SMIL registra incorrectamente con el controlador de actualización dos veces cuando sólo se espera un único registro. Cuando se libera un registro con la eliminación del elemento de controlador de animación, el controlador de actualización deja incorrectamente un puntero pendiente en la matriz de observadores del controlador. Esta vulnerabilidad afecta a Thunderbird, versiones anteriores a 60.6, Firefox ESR, versiones anteriores a 60.6 y Firefox. versiones anteriores a 66.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-14 CVE Reserved
- 2019-03-20 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (7)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2019:0966 | 2019-06-26 | |
https://access.redhat.com/errata/RHSA-2019:1144 | 2019-06-26 | |
https://www.mozilla.org/security/advisories/mfsa2019-07 | 2019-06-26 | |
https://www.mozilla.org/security/advisories/mfsa2019-08 | 2019-06-26 | |
https://www.mozilla.org/security/advisories/mfsa2019-11 | 2019-06-26 | |
https://access.redhat.com/security/cve/CVE-2019-9796 | 2019-05-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1690681 | 2019-05-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 66.0 Search vendor "Mozilla" for product "Firefox" and version " < 66.0" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | < 60.6.0 Search vendor "Mozilla" for product "Firefox Esr" and version " < 60.6.0" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 60.6.0 Search vendor "Mozilla" for product "Thunderbird" and version " < 60.6.0" | - |
Affected
|