CVE-2019-11757

MEDIUM

Description

When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1577107

https://security.gentoo.org/glsa/202003-10

https://www.mozilla.org/security/advisories/mfsa2019-33/

https://www.mozilla.org/security/advisories/mfsa2019-34/

https://www.mozilla.org/security/advisories/mfsa2019-35/

Details

Source: MITRE

Published: 2020-01-08

Updated: 2020-03-14

Type: CWE-416

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147407 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical |
| 145641 | CentOS 8 : thunderbird (CESA-2019:3237) | Nessus | CentOS Local Security Checks | medium |
| 145572 | CentOS 8 : firefox (CESA-2019:3196) | Nessus | CentOS Local Security Checks | medium |
| 135896 | Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1) | Nessus | Ubuntu Local Security Checks | high |
| 134587 | GLSA-202003-10 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 134411 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0017) | Nessus | NewStart CGSL Local Security Checks | critical |
| 134410 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0022) | Nessus | NewStart CGSL Local Security Checks | critical |
| 133080 | NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0004) | Nessus | NewStart CGSL Local Security Checks | medium |
| 133071 | NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0003) | Nessus | NewStart CGSL Local Security Checks | medium |
| 132264 | Amazon Linux 2 : thunderbird (ALAS-2019-1376) | Nessus | Amazon Linux Local Security Checks | medium |
| 132011 | Ubuntu 18.04 LTS / 19.10 : Thunderbird regression (USN-4202-2) | Nessus | Ubuntu Local Security Checks | medium |
| 131409 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0216) | Nessus | NewStart CGSL Local Security Checks | medium |
| 131405 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0215) | Nessus | NewStart CGSL Local Security Checks | medium |
| 131139 | Debian DSA-4571-1 : thunderbird - security update | Nessus | Debian Local Security Checks | medium |
| 131136 | Debian DLA-1997-1 : thunderbird security update | Nessus | Debian Local Security Checks | medium |
| 130977 | CentOS 6 : thunderbird (CESA-2019:3756) | Nessus | CentOS Local Security Checks | medium |
| 130937 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2464) | Nessus | SuSE Local Security Checks | medium |
| 130936 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2452) | Nessus | SuSE Local Security Checks | medium |
| 130890 | openSUSE Security Update : MozillaFirefox / MozillaFirefox-branding-SLE (openSUSE-2019-2459) | Nessus | SuSE Local Security Checks | medium |
| 130885 | openSUSE Security Update : MozillaFirefox / MozillaFirefox-branding-SLE (openSUSE-2019-2451) | Nessus | SuSE Local Security Checks | medium |
| 130772 | Debian DLA-1987-1 : firefox-esr security update | Nessus | Debian Local Security Checks | medium |
| 130750 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20191106) | Nessus | Scientific Linux Local Security Checks | medium |
| 130742 | RHEL 6 : thunderbird (RHSA-2019:3756) | Nessus | Red Hat Local Security Checks | medium |
| 130498 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20191031) | Nessus | Scientific Linux Local Security Checks | medium |
| 130472 | CentOS 6 : firefox (CESA-2019:3281) | Nessus | CentOS Local Security Checks | medium |
| 130450 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:2872-1) | Nessus | SuSE Local Security Checks | critical |
| 130449 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2019:2871-1) | Nessus | SuSE Local Security Checks | medium |
| 130444 | RHEL 6 : firefox (RHSA-2019:3281) | Nessus | Red Hat Local Security Checks | medium |
| 130436 | CentOS 7 : thunderbird (CESA-2019:3210) | Nessus | CentOS Local Security Checks | medium |
| 130434 | CentOS 7 : firefox (CESA-2019:3193) | Nessus | CentOS Local Security Checks | medium |
| 130415 | Oracle Linux 8 : thunderbird (ELSA-2019-3237) | Nessus | Oracle Linux Local Security Checks | medium |
| 130414 | Oracle Linux 7 : thunderbird (ELSA-2019-3210) | Nessus | Oracle Linux Local Security Checks | medium |
| 130386 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20191029) | Nessus | Scientific Linux Local Security Checks | medium |
| 130382 | RHEL 8 : thunderbird (RHSA-2019:3237) | Nessus | Red Hat Local Security Checks | medium |
| 130371 | RHEL 7 : thunderbird (RHSA-2019:3210) | Nessus | Red Hat Local Security Checks | medium |
| 130365 | Mozilla Thunderbird < 68.2 | Nessus | Windows | medium |
| 130364 | Mozilla Thunderbird < 68.2 | Nessus | MacOS X Local Security Checks | medium |
| 130288 | Debian DSA-4549-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | medium |
| 130248 | RHEL 8 : firefox (RHSA-2019:3196) | Nessus | Red Hat Local Security Checks | medium |
| 130247 | Oracle Linux 8 : firefox (ELSA-2019-3196) | Nessus | Oracle Linux Local Security Checks | medium |
| 130200 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : Firefox vulnerabilities (USN-4165-1) | Nessus | Ubuntu Local Security Checks | medium |
| 130192 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20191023) | Nessus | Scientific Linux Local Security Checks | medium |
| 130190 | RHEL 7 : firefox (RHSA-2019:3193) | Nessus | Red Hat Local Security Checks | medium |
| 130184 | Oracle Linux 7 : firefox (ELSA-2019-3193) | Nessus | Oracle Linux Local Security Checks | medium |
| 130172 | Mozilla Firefox ESR 68.x < 68.2 Multiple vulnerabilities | Nessus | Windows | medium |
| 130171 | Mozilla Firefox ESR 68.x < 68.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | medium |
| 130170 | Mozilla Firefox < 70.0 Multiple Vulnerabilities | Nessus | Windows | medium |
| 130169 | Mozilla Firefox < 70.0 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | medium |
| 130158 | Slackware 14.2 / current : mozilla-firefox (SSA:2019-295-01) | Nessus | Slackware Local Security Checks | medium |