CVE-2019-11764

MEDIUM

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1558522%2C1577061%2C1548044%2C1571223%2C1573048%2C1578933%2C1575217%2C1583684%2C1586845%2C1581950%2C1583463%2C1586599

https://security.gentoo.org/glsa/202003-10

https://www.mozilla.org/security/advisories/mfsa2019-33/

https://www.mozilla.org/security/advisories/mfsa2019-34/

https://www.mozilla.org/security/advisories/mfsa2019-35/

Details

Source: MITRE

Published: 2020-01-08

Updated: 2020-03-14

Type: CWE-416

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Tenable Plugins

View all (50 total)

ID	Name	Product	Family	Severity
147407	NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004)	Nessus	NewStart CGSL Local Security Checks	critical
147312	NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002)	Nessus	NewStart CGSL Local Security Checks	critical
145641	CentOS 8 : thunderbird (CESA-2019:3237)	Nessus	CentOS Local Security Checks	medium
145572	CentOS 8 : firefox (CESA-2019:3196)	Nessus	CentOS Local Security Checks	medium
135896	Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1)	Nessus	Ubuntu Local Security Checks	high
134587	GLSA-202003-10 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
134411	NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0017)	Nessus	NewStart CGSL Local Security Checks	critical
134410	NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0022)	Nessus	NewStart CGSL Local Security Checks	critical
133080	NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0004)	Nessus	NewStart CGSL Local Security Checks	medium
133071	NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0003)	Nessus	NewStart CGSL Local Security Checks	medium
132264	Amazon Linux 2 : thunderbird (ALAS-2019-1376)	Nessus	Amazon Linux Local Security Checks	medium
132011	Ubuntu 18.04 LTS / 19.10 : Thunderbird regression (USN-4202-2)	Nessus	Ubuntu Local Security Checks	medium
131409	NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0216)	Nessus	NewStart CGSL Local Security Checks	medium
131405	NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0215)	Nessus	NewStart CGSL Local Security Checks	medium
131139	Debian DSA-4571-1 : thunderbird - security update	Nessus	Debian Local Security Checks	medium
131136	Debian DLA-1997-1 : thunderbird security update	Nessus	Debian Local Security Checks	medium
130977	CentOS 6 : thunderbird (CESA-2019:3756)	Nessus	CentOS Local Security Checks	medium
130937	openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2464)	Nessus	SuSE Local Security Checks	medium
130936	openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2452)	Nessus	SuSE Local Security Checks	medium
130890	openSUSE Security Update : MozillaFirefox / MozillaFirefox-branding-SLE (openSUSE-2019-2459)	Nessus	SuSE Local Security Checks	medium
130885	openSUSE Security Update : MozillaFirefox / MozillaFirefox-branding-SLE (openSUSE-2019-2451)	Nessus	SuSE Local Security Checks	medium
130772	Debian DLA-1987-1 : firefox-esr security update	Nessus	Debian Local Security Checks	medium
130750	Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20191106)	Nessus	Scientific Linux Local Security Checks	medium
130742	RHEL 6 : thunderbird (RHSA-2019:3756)	Nessus	Red Hat Local Security Checks	medium
130498	Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20191031)	Nessus	Scientific Linux Local Security Checks	medium
130472	CentOS 6 : firefox (CESA-2019:3281)	Nessus	CentOS Local Security Checks	medium
130450	SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:2872-1)	Nessus	SuSE Local Security Checks	critical
130449	SUSE SLED15 / SLES15 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2019:2871-1)	Nessus	SuSE Local Security Checks	medium
130444	RHEL 6 : firefox (RHSA-2019:3281)	Nessus	Red Hat Local Security Checks	medium
130436	CentOS 7 : thunderbird (CESA-2019:3210)	Nessus	CentOS Local Security Checks	medium
130434	CentOS 7 : firefox (CESA-2019:3193)	Nessus	CentOS Local Security Checks	medium
130415	Oracle Linux 8 : thunderbird (ELSA-2019-3237)	Nessus	Oracle Linux Local Security Checks	medium
130414	Oracle Linux 7 : thunderbird (ELSA-2019-3210)	Nessus	Oracle Linux Local Security Checks	medium
130386	Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20191029)	Nessus	Scientific Linux Local Security Checks	medium
130382	RHEL 8 : thunderbird (RHSA-2019:3237)	Nessus	Red Hat Local Security Checks	medium
130371	RHEL 7 : thunderbird (RHSA-2019:3210)	Nessus	Red Hat Local Security Checks	medium
130365	Mozilla Thunderbird < 68.2	Nessus	Windows	medium
130364	Mozilla Thunderbird < 68.2	Nessus	MacOS X Local Security Checks	medium
130288	Debian DSA-4549-1 : firefox-esr - security update	Nessus	Debian Local Security Checks	medium
130248	RHEL 8 : firefox (RHSA-2019:3196)	Nessus	Red Hat Local Security Checks	medium
130247	Oracle Linux 8 : firefox (ELSA-2019-3196)	Nessus	Oracle Linux Local Security Checks	medium
130200	Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : Firefox vulnerabilities (USN-4165-1)	Nessus	Ubuntu Local Security Checks	medium
130192	Scientific Linux Security Update : firefox on SL7.x x86_64 (20191023)	Nessus	Scientific Linux Local Security Checks	medium
130190	RHEL 7 : firefox (RHSA-2019:3193)	Nessus	Red Hat Local Security Checks	medium
130184	Oracle Linux 7 : firefox (ELSA-2019-3193)	Nessus	Oracle Linux Local Security Checks	medium
130172	Mozilla Firefox ESR 68.x < 68.2 Multiple vulnerabilities	Nessus	Windows	medium
130171	Mozilla Firefox ESR 68.x < 68.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium
130170	Mozilla Firefox < 70.0 Multiple Vulnerabilities	Nessus	Windows	medium
130169	Mozilla Firefox < 70.0 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium
130158	Slackware 14.2 / current : mozilla-firefox (SSA:2019-295-01)	Nessus	Slackware Local Security Checks	medium

CVE-2019-11764

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

medium

medium

high

high

critical

critical

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

critical

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium