Note:
This project will be discontinued after December 13, 2021. [more]
2020-07-09
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
| Products | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird |
| Type | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362) Use After Free (CWE-416) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://bugzilla.mozilla.org/show_bug.cgi?id=1631618
• https://www.mozilla.org/security/advisories/mfsa2020-22/ • https://usn.ubuntu.com/4421-1/ • https://www.mozilla.org/security/advisories/mfsa2020-21/ • https://www.mozilla.org/security/advisories/mfsa2020-20/ |