Thunderbird - (bulletinjan2017)ID: oval:org.secpod.oval:def:2100689 | Date: (C)2019-12-30 (M)2023-12-07 |
Class: PATCH | Family: unix |
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.
Product: |
web/data/firefox-bookmarks |
web/browser/firefox |
mail/thunderbird |
mail/thunderbird/plugin/thunderbird-lightning |
developer/yasm |