CVE-2019-9818

CVE-2019-9818

Name

CVE-2019-9818

Description

A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2019-15/
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2019-14/
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2019-13/
Issue Tracking	https://bugzilla.mozilla.org/show_bug.cgi?id=1542581

Type

URI

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2019-15/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2019-14/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2019-13/

Issue Tracking

https://bugzilla.mozilla.org/show_bug.cgi?id=1542581

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
firefox-esr	edge-community	60.7.0-r0	None	fixed
firefox-esr	3.22-community	60.7.0-r0	None	fixed
firefox-esr	3.21-community	60.7.0-r0	None	fixed
firefox-esr	3.20-community	60.7.0-r0	None	fixed
firefox-esr	3.19-community	60.7.0-r0	None	fixed
firefox-esr	3.18-community	60.7.0-r0	None	fixed
firefox-esr	3.17-community	60.7.0-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

firefox-esr

edge-community

60.7.0-r0

None

fixed

firefox-esr

3.22-community