A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820
Acknowledgments: Name: the Mozilla project Upstream: Nils
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1265 https://access.redhat.com/errata/RHSA-2019:1265
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1267 https://access.redhat.com/errata/RHSA-2019:1267
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1269 https://access.redhat.com/errata/RHSA-2019:1269
Statement: In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1308 https://access.redhat.com/errata/RHSA-2019:1308
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1309 https://access.redhat.com/errata/RHSA-2019:1309
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1310 https://access.redhat.com/errata/RHSA-2019:1310