First published: Tue Mar 19 2019(Updated: )
A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Thunderbird | <60.6 | 60.6 |
Mozilla Firefox ESR | <60.6 | 60.6 |
Mozilla Firefox | <66 | 66 |
Mozilla Firefox | <=66.0 | |
Mozilla Firefox ESR | <=60.6 | |
Mozilla Thunderbird | <=60.6 | |
debian/firefox | 132.0.2-1 | |
debian/firefox-esr | 115.14.0esr-1~deb11u1 128.4.0esr-1~deb11u1 128.3.1esr-1~deb12u1 128.4.0esr-1~deb12u1 128.4.0esr-1 | |
debian/thunderbird | 1:115.12.0-1~deb11u1 1:128.4.3esr-1~deb11u1 1:115.16.0esr-1~deb12u1 1:128.4.3esr-1~deb12u1 1:128.4.3esr-1 | |
<=66.0 | ||
<=60.6 | ||
<=60.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2019-9790 is a use-after-free vulnerability in Mozilla Firefox and Thunderbird.
CVE-2019-9790 occurs when a raw pointer to a DOM element is obtained using JavaScript and the element is then removed while still in use.
CVE-2019-9790 affects Thunderbird versions less than 60.6, Firefox ESR versions less than 60.6, and Firefox versions less than 66.
CVE-2019-9790 has a severity rating of critical.
To fix CVE-2019-9790, update to Mozilla Firefox version 66 or higher, or update to Thunderbird version 60.6 or higher.