Use-after-free vulnerability in SMIL animation controller registration

Use-after-free vulnerability in SMIL animation controller registration

CVE-2019-9796 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

Learn more about our Cis Benchmark Audit For Server Software.