ASA-2019-00434 – Mozilla Firefox: NeckoChild can trigger crash when accessed off of main thread

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00434

Identifier(s)

ASA-2019-00434, CVE-2019-11714, MFSA2019-21

Title

NeckoChild can trigger crash when accessed off of main thread

Vendor(s)

Mozilla

Product(s)

Mozilla Firefox

Affected version(s)

Mozilla Firefox version before 68

Fixed version(s)

Mozilla Firefox version 68

Proof of concept

Unknown

Description

Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances.

Technical details

Unknown

Credits

Hanno Böck

Reference(s)

Mozilla Foundation Security Advisory 2019-21
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11714

Bug 1542593
https://bugzilla.mozilla.org/show_bug.cgi?id=1542593

CVE-2019-11714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11714

CVE-2019-11714
https://nvd.nist.gov/vuln/detail/CVE-2019-11714

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: July 17, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.