Bug 1712627 (CVE-2019-9818) - CVE-2019-9818 Mozilla: Use-after-free in crash generation server
Summary: CVE-2019-9818 Mozilla: Use-after-free in crash generation server
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-9818
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1709216 1714079
TreeView+ depends on / blocked
 
Reported: 2019-05-22 01:46 UTC by Doran Moppert
Modified: 2021-02-16 21:55 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-22 07:40:29 UTC


Attachments (Terms of Use)

Description Doran Moppert 2019-05-22 01:46:54 UTC
A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. 

*Note: this vulnerability only affects Windows. Other operating systems are unaffected.*



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9818

Comment 1 Doran Moppert 2019-05-22 01:46:56 UTC
Acknowledgments:

Name: the Mozilla project
Upstream: Thomas Imbert


Note You need to log in before you can comment on or make changes to this bug.