CVE-2019-11746Use After Free in Mozilla Firefox

CWE-416Use After Free13 documents7 sources
Severity
8.8HIGHNVD
OSV9.8OSV6.5
EPSS
0.7%
top 29.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+3 more
Timeline
PublishedSep 27
Latest updateMay 24

Description

A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages12 packages

debiandebian/firefox< firefox 69.0-1 (sid)
CVEListV5mozilla/firefoxunspecified69
NVDmozilla/firefox< 60.9.0+1
debiandebian/firefox-esr< firefox 69.0-1 (sid)
CVEListV5mozilla/firefox_esrunspecified60.9+1

🔴Vulnerability Details

5
GHSA
GHSA-274m-q55h-jm5r: A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use2022-05-24
OSV
thunderbird vulnerabilities2019-10-08
OSV
firefox regression2019-10-08
OSV
CVE-2019-11746: A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use2019-09-27
OSV
firefox vulnerabilities2019-09-04

📋Vendor Advisories

5
Ubuntu
Thunderbird vulnerabilities2019-10-08
Ubuntu
Firefox regression2019-10-08
Ubuntu
Firefox vulnerabilities2019-09-04
Red Hat
Mozilla: Use-after-free while manipulating video2019-09-03
Debian
CVE-2019-11746: firefox - A use-after-free vulnerability can occur while manipulating video elements if th...2019

💬Community

2
Bugzilla
CVE-2019-11746 Mozilla: Use-after-free while manipulating video2019-09-04
Bugzilla
Firefox 69.0 is available2019-09-03