CVE-2019-11752

HIGH

Description

It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.

References

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1501152

https://usn.ubuntu.com/4150-1/

https://www.mozilla.org/security/advisories/mfsa2019-25/

https://www.mozilla.org/security/advisories/mfsa2019-26/

https://www.mozilla.org/security/advisories/mfsa2019-27/

https://www.mozilla.org/security/advisories/mfsa2019-29/

https://www.mozilla.org/security/advisories/mfsa2019-30/

Details

Source: MITRE

Published: 2019-09-27

Updated: 2019-10-04

Type: CWE-416

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150554 | SUSE SLES11 Security Update : MozillaFirefox, firefox-glib2, firefox-gtk3 (SUSE-SU-2019:14173-1) | Nessus | SuSE Local Security Checks | high |
| 147407 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical |
| 145625 | CentOS 8 : firefox (CESA-2019:2663) | Nessus | CentOS Local Security Checks | high |
| 134411 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0017) | Nessus | NewStart CGSL Local Security Checks | critical |
| 134410 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0022) | Nessus | NewStart CGSL Local Security Checks | critical |
| 132503 | NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0233) | Nessus | NewStart CGSL Local Security Checks | high |
| 132473 | NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0231) | Nessus | NewStart CGSL Local Security Checks | high |
| 131267 | GLSA-201911-07 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 129935 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0190) | Nessus | NewStart CGSL Local Security Checks | high |
| 129926 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0192) | Nessus | NewStart CGSL Local Security Checks | high |
| 129772 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:2620-1) | Nessus | SuSE Local Security Checks | high |
| 129665 | openSUSE Security Update : MozillaFirefox (openSUSE-2019-2260) | Nessus | SuSE Local Security Checks | high |
| 129664 | openSUSE Security Update : MozillaFirefox (openSUSE-2019-2251) | Nessus | SuSE Local Security Checks | high |
| 129663 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2249) | Nessus | SuSE Local Security Checks | high |
| 129662 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2248) | Nessus | SuSE Local Security Checks | high |
| 129583 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:2545-1) | Nessus | SuSE Local Security Checks | high |
| 129562 | Amazon Linux 2 : thunderbird (ALAS-2019-1304) | Nessus | Amazon Linux Local Security Checks | high |
| 129286 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:2436-1) | Nessus | SuSE Local Security Checks | high |
| 129093 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190919) | Nessus | Scientific Linux Local Security Checks | high |
| 129088 | Oracle Linux 6 : thunderbird (ELSA-2019-2807) | Nessus | Oracle Linux Local Security Checks | high |
| 129042 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190918) | Nessus | Scientific Linux Local Security Checks | high |
| 129041 | RHEL 6 : thunderbird (RHSA-2019:2807) | Nessus | Red Hat Local Security Checks | high |
| 129037 | RHEL 7 : thunderbird (RHSA-2019:2773) | Nessus | Red Hat Local Security Checks | high |
| 129025 | Debian DLA-1926-1 : thunderbird security update | Nessus | Debian Local Security Checks | high |
| 129024 | CentOS 7 : thunderbird (CESA-2019:2773) | Nessus | CentOS Local Security Checks | high |
| 129023 | CentOS 7 : firefox (CESA-2019:2729) | Nessus | CentOS Local Security Checks | high |
| 128980 | Oracle Linux 8 : thunderbird (ELSA-2019-2774) | Nessus | Oracle Linux Local Security Checks | high |
| 128976 | CentOS 6 : firefox (CESA-2019:2694) | Nessus | CentOS Local Security Checks | high |
| 128972 | Mozilla Thunderbird < 68.1 Multiple Vulnerabilities | Nessus | Windows | high |
| 128971 | Mozilla Thunderbird < 68.1 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 128962 | RHEL 8 : thunderbird (RHSA-2019:2774) | Nessus | Red Hat Local Security Checks | high |
| 128961 | Oracle Linux 7 : thunderbird (ELSA-2019-2773) | Nessus | Oracle Linux Local Security Checks | high |
| 128861 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20190911) | Nessus | Scientific Linux Local Security Checks | high |
| 128853 | RHEL 7 : firefox (RHSA-2019:2729) | Nessus | Red Hat Local Security Checks | high |
| 128783 | Debian DSA-4523-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high |
| 128775 | Mozilla Thunderbird < 60.9 Multiple Vulnerabilities | Nessus | Windows | high |
| 128774 | Mozilla Thunderbird < 60.9 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 128747 | Oracle Linux 7 : firefox (ELSA-2019-2729) | Nessus | Oracle Linux Local Security Checks | high |
| 128667 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190910) | Nessus | Scientific Linux Local Security Checks | high |
| 128660 | RHEL 6 : firefox (RHSA-2019:2694) | Nessus | Red Hat Local Security Checks | high |
| 128656 | Oracle Linux 6 : firefox (ELSA-2019-2694) | Nessus | Oracle Linux Local Security Checks | high |
| 128599 | Oracle Linux 8 : firefox (ELSA-2019-2663) | Nessus | Oracle Linux Local Security Checks | high |
| 128555 | Debian DLA-1910-1 : firefox-esr security update | Nessus | Debian Local Security Checks | high |
| 128534 | Debian DSA-4516-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high |
| 128530 | Mozilla Firefox ESR < 60.9 | Nessus | Windows | high |
| 128529 | Mozilla Firefox ESR < 60.9 | Nessus | MacOS X Local Security Checks | high |
| 128528 | Mozilla Firefox ESR < 68.1 | Nessus | Windows | high |
| 128527 | Mozilla Firefox ESR < 68.1 | Nessus | MacOS X Local Security Checks | high |
| 128525 | Mozilla Firefox < 69.0 | Nessus | Windows | high |
| 128524 | Mozilla Firefox < 69.0 | Nessus | MacOS X Local Security Checks | high |
| 128521 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : firefox vulnerabilities (USN-4122-1) | Nessus | Ubuntu Local Security Checks | high |
| 128517 | RHEL 8 : firefox (RHSA-2019:2663) | Nessus | Red Hat Local Security Checks | high |
| 128491 | FreeBSD : mozilla -- multiple vulnerabilities (05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6) | Nessus | FreeBSD Local Security Checks | high |