Severity
9.8 CRITICAL (NVD)
EPSS
0.6%
top 30.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 23
Latest update: May 24

Description

The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (11 packages)

debian | debian/firefox | < firefox 67.0-2 (sid)
CVEListV5 | mozilla/firefox | unspecified | 67
NVD | mozilla/firefox | < 60.7.0 +1
debian | debian/firefox-esr | < firefox 67.0-2 (sid)
CVEListV5 | mozilla/firefox_esr | unspecified | 60.7

🔴 Vulnerability Details (6)

GHSA
GHSA-rm3r-xfmr-5622: The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux (2022-05-24)
OSV
CVE-2019-11693: The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux (2019-07-23)
OSV
firefox regression (2019-06-14)
OSV
firefox regression (2019-06-06)
OSV
thunderbird vulnerabilities (2019-05-28)

📋 Vendor Advisories (7)

Ubuntu
Firefox regression (2019-06-14)
Ubuntu
Firefox regression (2019-06-06)
Ubuntu
Thunderbird vulnerabilities (2019-05-28)
Red Hat
Mozilla: Buffer overflow in WebGL bufferdata on Linux (2019-05-22)
Ubuntu
Firefox vulnerabilities (2019-05-21)

💬 Community (2)

Bugzilla
CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux (2019-05-22)
Bugzilla
CVE-2019-6286 libsass: heap-based buffer over-read in Sass::Prelexer::skip_over_scopes in prelexer.hpp (2019-01-23)