CVE-2019-9818 | Date: (C)2019-07-24 (M)2024-03-27 |
A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 8.3 | CVSS Score : 6.8 |
Exploit Score: 1.6 | Exploit Score: 8.6 |
Impact Score: 6.0 | Impact Score: 6.4 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: NETWORK | Access Vector: NETWORK |
Attack Complexity: HIGH | Access Complexity: MEDIUM |
Privileges Required: NONE | Authentication: NONE |
User Interaction: REQUIRED | Confidentiality: PARTIAL |
Scope: CHANGED | Integrity: PARTIAL |
Confidentiality: HIGH | Availability: PARTIAL |
Integrity: HIGH | |
Availability: HIGH | |
| |