CVE-2019-11759

high

Description

An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or, more likely, lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1577953

https://security.gentoo.org/glsa/202003-10

https://www.mozilla.org/security/advisories/mfsa2019-33/

https://www.mozilla.org/security/advisories/mfsa2019-34/

https://www.mozilla.org/security/advisories/mfsa2019-35/

Details

Source: MITRE

Published: 2020-01-08

Updated: 2020-03-14

Type: CWE-120

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147407 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical |
| 145641 | CentOS 8 : thunderbird (CESA-2019:3237) | Nessus | CentOS Local Security Checks | high |
| 145572 | CentOS 8 : firefox (CESA-2019:3196) | Nessus | CentOS Local Security Checks | high |
| 135896 | Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1) | Nessus | Ubuntu Local Security Checks | critical |
| 134587 | GLSA-202003-10 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 134411 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0017) | Nessus | NewStart CGSL Local Security Checks | critical |
| 134410 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0022) | Nessus | NewStart CGSL Local Security Checks | critical |
| 133080 | NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0004) | Nessus | NewStart CGSL Local Security Checks | high |
| 133071 | NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0003) | Nessus | NewStart CGSL Local Security Checks | high |
| 132264 | Amazon Linux 2 : thunderbird (ALAS-2019-1376) | Nessus | Amazon Linux Local Security Checks | high |
| 132011 | Ubuntu 18.04 LTS / 19.10 : Thunderbird regression (USN-4202-2) | Nessus | Ubuntu Local Security Checks | high |
| 131409 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0216) | Nessus | NewStart CGSL Local Security Checks | high |
| 131405 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0215) | Nessus | NewStart CGSL Local Security Checks | high |
| 131139 | Debian DSA-4571-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high |
| 131136 | Debian DLA-1997-1 : thunderbird security update | Nessus | Debian Local Security Checks | high |
| 130977 | CentOS 6 : thunderbird (CESA-2019:3756) | Nessus | CentOS Local Security Checks | high |
| 130937 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2464) | Nessus | SuSE Local Security Checks | high |
| 130936 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2452) | Nessus | SuSE Local Security Checks | high |
| 130890 | openSUSE Security Update : MozillaFirefox / MozillaFirefox-branding-SLE (openSUSE-2019-2459) | Nessus | SuSE Local Security Checks | high |
| 130885 | openSUSE Security Update : MozillaFirefox / MozillaFirefox-branding-SLE (openSUSE-2019-2451) | Nessus | SuSE Local Security Checks | high |
| 130772 | Debian DLA-1987-1 : firefox-esr security update | Nessus | Debian Local Security Checks | high |
| 130750 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20191106) | Nessus | Scientific Linux Local Security Checks | high |
| 130742 | RHEL 6 : thunderbird (RHSA-2019:3756) | Nessus | Red Hat Local Security Checks | high |
| 130498 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20191031) | Nessus | Scientific Linux Local Security Checks | high |
| 130472 | CentOS 6 : firefox (CESA-2019:3281) | Nessus | CentOS Local Security Checks | high |
| 130450 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:2872-1) | Nessus | SuSE Local Security Checks | critical |
| 130449 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2019:2871-1) | Nessus | SuSE Local Security Checks | high |
| 130444 | RHEL 6 : firefox (RHSA-2019:3281) | Nessus | Red Hat Local Security Checks | high |
| 130436 | CentOS 7 : thunderbird (CESA-2019:3210) | Nessus | CentOS Local Security Checks | high |
| 130434 | CentOS 7 : firefox (CESA-2019:3193) | Nessus | CentOS Local Security Checks | high |
| 130415 | Oracle Linux 8 : thunderbird (ELSA-2019-3237) | Nessus | Oracle Linux Local Security Checks | high |
| 130414 | Oracle Linux 7 : thunderbird (ELSA-2019-3210) | Nessus | Oracle Linux Local Security Checks | high |
| 130386 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20191029) | Nessus | Scientific Linux Local Security Checks | high |
| 130382 | RHEL 8 : thunderbird (RHSA-2019:3237) | Nessus | Red Hat Local Security Checks | high |
| 130371 | RHEL 7 : thunderbird (RHSA-2019:3210) | Nessus | Red Hat Local Security Checks | high |
| 130365 | Mozilla Thunderbird < 68.2 | Nessus | Windows | high |
| 130364 | Mozilla Thunderbird < 68.2 | Nessus | MacOS X Local Security Checks | high |
| 130288 | Debian DSA-4549-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high |
| 130248 | RHEL 8 : firefox (RHSA-2019:3196) | Nessus | Red Hat Local Security Checks | high |
| 130247 | Oracle Linux 8 : firefox (ELSA-2019-3196) | Nessus | Oracle Linux Local Security Checks | high |
| 130200 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : Firefox vulnerabilities (USN-4165-1) | Nessus | Ubuntu Local Security Checks | high |
| 130192 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20191023) | Nessus | Scientific Linux Local Security Checks | high |
| 130190 | RHEL 7 : firefox (RHSA-2019:3193) | Nessus | Red Hat Local Security Checks | high |
| 130184 | Oracle Linux 7 : firefox (ELSA-2019-3193) | Nessus | Oracle Linux Local Security Checks | high |
| 130172 | Mozilla Firefox ESR 68.x < 68.2 Multiple vulnerabilities | Nessus | Windows | high |
| 130171 | Mozilla Firefox ESR 68.x < 68.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 130170 | Mozilla Firefox < 70.0 Multiple Vulnerabilities | Nessus | Windows | high |
| 130169 | Mozilla Firefox < 70.0 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 130158 | Slackware 14.2 / current : mozilla-firefox (SSA:2019-295-01) | Nessus | Slackware Local Security Checks | high |