CVE-2019-11709

CRITICAL

Mozilla Firefox <68 - Memory Corruption

Title source: llm
STIX 2.1

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

References (13)

Core 13
Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201908-12
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201908-20
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html

Scores

CVSS v3 9.8
EPSS 0.0253
EPSS Percentile 85.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (6)
debian/debian_linux 8.0
mozilla/firefox < 60.8.0
mozilla/thunderbird < 60.8.0
opensuse/leap 15.0
opensuse/leap 15.1
suse/package_hub
Published Jul 23, 2019
Tracked Since Feb 18, 2026