← Back

CVE-2019-11709

nvd nist
Published: Jul 23, 2019Modified: Nov 25, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Affected (7)

Products: Mozilla: Firefox, Thunderbird · Opensuse: Leap · Suse: Package Hub · +1 more
Show all products
Mozilla: Firefox, Thunderbird · Opensuse: Leap · Suse: Package Hub · Debian: Debian Linux
Mozilla
2 products
Firefox
Thunderbird
Opensuse
1 product
Leap
Suse
1 product
Package Hub
Debian
1 product
Debian Linux
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Mozilla
Firefox
Before 60.8.0
Firefox
Before 68.0
Thunderbird
Before 60.8.0
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Leap
Version 15.0
Leap
Version 15.1
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Package Hub
All versions
Running on/withPlatform Versions
Suse
Linux Enterprise
Version 12.0
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 8.0

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (26)

Source: security@mozilla.org
Mailing ListThird Party Advisory
Source: security@mozilla.org
Mailing ListThird Party Advisory
Source: security@mozilla.org
Mailing ListThird Party Advisory
Source: security@mozilla.org
Mailing ListThird Party Advisory
Source: security@mozilla.org
Mailing ListThird Party Advisory
Source: security@mozilla.org
Issue TrackingVendor Advisory
Source: security@mozilla.org
Mailing ListThird Party Advisory
Source: security@mozilla.org
Mailing ListThird Party Advisory
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.