CVE-2019-17010

CVSS v3.1 7.5 (High)

CVSS v2.0 5.1 (Medium)

EPSS 1.04 % (84^th)

Affected Products 5

Advisories 31

Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Weaknesses

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2020-01-08 22:15:11
(4 years ago)
Updated Date: 2022-04-08 14:32:06
(2 years ago)

Affected Products

Canonical

Ubuntu Linux

Mozilla

Opensuse

Leap

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 71.0 version	cpe:2.3:a:mozilla:firefox	< 71.0
Mozilla Firefox Esr prior 68.3 version	cpe:2.3:a:mozilla:firefox_esr	< 68.3
Mozilla Thunderbird prior 68.3 version	cpe:2.3:a:mozilla:thunderbird	< 68.3

Configuration #2

		CPE23	From	Up To
	Opensuse Leap 15.1	cpe:2.3:o:opensuse:leap:15.1

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 19.10	cpe:2.3:o:canonical:ubuntu_linux:19.10