CVE-2019-11709

CVE-2019-11709

Name

CVE-2019-11709

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Broken Link	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1547266%2C1540759%2C1548822%2C1550498%2C1515052%2C1539219%2C1547757%2C1550498%2C1533522
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2019-21/
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2019-22/
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2019-23/
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html
MLIST	https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html
MLIST	https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html
GENTOO	https://security.gentoo.org/glsa/201908-12
GENTOO	https://security.gentoo.org/glsa/201908-20
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html

Type

URI

Broken Link

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1547266%2C1540759%2C1548822%2C1550498%2C1515052%2C1539219%2C1547757%2C1550498%2C1533522

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2019-21/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2019-22/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2019-23/

SUSE

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html

SUSE

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html

MLIST

https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html

MLIST

https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html

GENTOO

https://security.gentoo.org/glsa/201908-12

GENTOO

https://security.gentoo.org/glsa/201908-20

SUSE

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html

SUSE

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html

SUSE

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:mozilla:firefox::::::::`	firefox	>= None	< 68.0
`cpe:2.3:a:mozilla:firefox_esr::::::::`	firefox_esr	>= None	< 60.8.0
`cpe:2.3:a:mozilla:thunderbird::::::::`	thunderbird	>= None	< 60.8.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

firefox

>= None

< 68.0

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

firefox_esr

>= None

< 60.8.0

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

thunderbird

>= None

< 60.8.0

References

Match rules

Vulnerable and fixed packages