CVE-2019-11714 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation CWE-567 — Unsynchronized Access to Shared Data in a Multithreaded Context10 documents7 sources

Severity

9.8CRITICALNVD

EPSS

0.8%

top 26.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedJul 23

Latest updateMay 24

Description

Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/firefox< firefox 68.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 68

▶NVDmozilla/firefox< 68.0

▶Ubuntumozilla/firefox< 68.0+build3-0ubuntu0.16.04.1+3

🔴Vulnerability Details

GHSA

GHSA-xp69-qpvf-q5f5: Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances↗2022-05-24

▶

OSV

firefox regressions↗2019-07-25

▶

OSV

firefox vulnerabilities↗2019-07-12

▶

OSV

CVE-2019-11714: Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances↗2019-07-11

▶

📋Vendor Advisories

Ubuntu

Firefox regressions↗2019-07-25

▶

Ubuntu

Firefox vulnerabilities↗2019-07-12

▶

Red Hat

Mozilla: NeckoChild can trigger crash when accessed off of main thread↗2019-07-09

▶

Debian

CVE-2019-11714: firefox - Necko can access a child on the wrong thread during UDP connections, resulting i...↗2019

▶

💬Community

Bugzilla

CVE-2019-11714 Mozilla: NeckoChild can trigger crash when accessed off of main thread↗2019-07-18

▶