CVE-2019-11756

Current Description

Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.

Basic Data

Published: September 27, 2019
Last Modified: October 04, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
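    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Mozilla | Firefox | * | * | * | * | * | * | * | * |  |  |  | 69.0
    2.3 | Application | Mozilla | Firefox Esr | * | * | * | * | * | * | * | * |  |  |  | 60.9.0
    2.3 | Application | Mozilla | Firefox Esr | * | * | * | * | * | * | * | * | 68.0 |  |  | 68.1.0
    2.3 | Application | Mozilla | Thunderbird | * | * | * | * | * | * | * | * |  |  |  | 60.9.0
    2.3 | Application | Mozilla | Thunderbird | * | * | * | * | * | * | * | * | 68.0 |  |  | 68.1.0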

Vulnerable Software List

Vendor | Product | Versions
Mozilla | Firefox | *
Mozilla | Thunderbird | *
Mozilla | Firefox Esr | *

References

Name | Source | URL | Tags
openSUSE-SU-2019:2249 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html |
openSUSE-SU-2019:2248 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html |
openSUSE-SU-2019:2251 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html |
openSUSE-SU-2019:2260 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html |
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1563133%2C1573160 | MISC | https://bugzilla.mozilla.org/buglist.cgi?bug_id=1563133%2C1573160 | Issue Tracking Not Applicable Vendor Advisory
GLSA-201911-07 | GENTOO | https://security.gentoo.org/glsa/201911-07 |
USN-4150-1 | UBUNTU | https://usn.ubuntu.com/4150-1/ |
https://www.mozilla.org/security/advisories/mfsa2019-25/ | CONFIRM | https://www.mozilla.org/security/advisories/mfsa2019-25/ | Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-26/ | CONFIRM | https://www.mozilla.org/security/advisories/mfsa2019-26/ | Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-27/ | CONFIRM | https://www.mozilla.org/security/advisories/mfsa2019-27/ | Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-29/ | CONFIRM | https://www.mozilla.org/security/advisories/mfsa2019-29/ | Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-30/ | CONFIRM | https://www.mozilla.org/security/advisories/mfsa2019-30/ | Vendor Advisory