CVE-2019-11746
published 2019-09-27CVE-2019-11746: A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable…
PriorityP340high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
1.71%
74.6th percentile
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 69.0-1 (sid) | firefox 69.0-1 (sid) |
| debian | firefox-esr | < firefox 69.0-1 (sid) | firefox 69.0-1 (sid) |
| debian | thunderbird | < firefox 69.0-1 (sid) | firefox 69.0-1 (sid) |
| mozilla | firefox | < 60.9.0 | 60.9.0 |
| mozilla | firefox | < 69.0 | 69.0 |
| mozilla | firefox | >= 0 < 69.0+build2-0ubuntu0.16.04.4 | 69.0+build2-0ubuntu0.16.04.4 |
| mozilla | firefox | >= 0 < 69.0.2+build1-0ubuntu0.16.04.1 | 69.0.2+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 69.0+build2-0ubuntu0.18.04.1 | 69.0+build2-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 69.0.2+build1-0ubuntu0.18.04.1 | 69.0.2+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= unspecified < 69 | 69 |
| mozilla | firefox_esr | >= 68.0 < 68.1.0 | 68.1.0 |
| mozilla | firefox_esr | >= unspecified < 60.9 | 60.9 |
| mozilla | firefox_esr | >= unspecified < 68.1 | 68.1 |
| mozilla | thunderbird | < 60.9.0 | 60.9.0 |
| mozilla | thunderbird | >= 0 < 1:60.9.0-1 | 1:60.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:60.9.0-1 | 1:60.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:60.9.0-1 | 1:60.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:60.9.0-1 | 1:60.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:60.9.0+build1-0ubuntu0.16.04.2 | 1:60.9.0+build1-0ubuntu0.16.04.2 |
| mozilla | thunderbird | >= 0 < 1:60.9.0+build1-0ubuntu0.18.04.1 | 1:60.9.0+build1-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= 68.0 < 68.1.0 | 68.1.0 |
| mozilla | thunderbird | >= unspecified < 68.1 | 68.1 |
| mozilla | thunderbird | >= unspecified < 60.9 | 60.9 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-274m-q55h-jm5r: A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use
ghsa_unreviewed·2022-05-24
CVE-2019-11746 [HIGH] CWE-416 GHSA-274m-q55h-jm5r: A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
OSV
thunderbird vulnerabilities
osv·2019-10-08·CVSS 6.5
CVE-2019-11739 [MEDIUM] thunderbird vulnerabilities
thunderbird vulnerabilities
It was discovered that encrypted S/MIME parts in a multipart message can
leak plaintext contents when included in a HTML reply or forward in some
circumstances. If a user were tricked in to replying to or forwarding a
specially crafted message, an attacker could potentially exploit this to
obtain sensitive information. (CVE-2019-11739)
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to obtain sensitive
information, conduct cross-site scripting (XSS) attack, scause a denial
of service, or execute arbitrary code. (CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752)
OSV
firefox regression
osv·2019-10-08·CVSS 9.8
[CRITICAL] firefox regression
firefox regression
USN-4122-1 fixed vulnerabilities in Firefox. The update caused a
regression that resulted in a crash when changing YouTube playback speed
in some circumstances. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, C
OSV
CVE-2019-11746: A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use
osv·2019-09-27·CVSS 8.8
CVE-2019-11746 [HIGH] CVE-2019-11746: A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
OSV
firefox vulnerabilities
osv·2019-09-04·CVSS 9.8
CVE-2019-5849 [CRITICAL] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748,
CVE-2019-11749, CVE-2019-11750, CVE-2019-11752)
It was discovered that a compromised content process could log in to a
malicious Firefox Sync account. An attacker could potentially exploit
this, in combination with anothe
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2019-10-08·CVSS 6.5
CVE-2019-11739 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
It was discovered that encrypted S/MIME parts in a multipart message can
leak plaintext contents when included in a HTML reply or forward in some
circumstances. If a user were tricked in to replying to or forwarding a
specially crafted message, an attacker could potentially exploit this to
obtain sensitive information. (CVE-2019-11739)
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to obtain sensitive
information, conduct cross-site scripting (XSS) attack, scause a denial
of service, or execute arbitrary code. (CVE-2019-11740, CVE-2019-11742,
CVE-2019-11
Ubuntu
Firefox regression
vendor_ubuntu·2019-10-08·CVSS 9.8
[CRITICAL] Firefox regression
Title: Firefox regression
Summary: USN-4122-1 caused a regression in Firefox.
USN-4122-1 fixed vulnerabilities in Firefox. The update caused a
regression that resulted in a crash when changing YouTube playback speed
in some circumstances. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2019-09-04·CVSS 9.8
CVE-2019-5849 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748,
CVE-2019-11749, CVE-2019-11750, CVE-2019-11752)
It was discovered that a compromised content process could lo
Red Hat
Mozilla: Use-after-free while manipulating video
vendor_redhat·2019-09-03·CVSS 8.8
CVE-2019-11746 [HIGH] CWE-416 Mozilla: Use-after-free while manipulating video
Mozilla: Use-after-free while manipulating video
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Statement: In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.
Package: firefox (Red Hat Enterprise Linux 5) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 5) - Out of support scope
Debian
CVE-2019-11746: firefox - A use-after-free vulnerability can occur while manipulating video elements if th...
vendor_debian·2019·CVSS 8.8
CVE-2019-11746 [HIGH] CVE-2019-11746: firefox - A use-after-free vulnerability can occur while manipulating video elements if th...
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Scope: local
sid: resolved (fixed in 69.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-11746 Mozilla: Use-after-free while manipulating video
bugzilla·2019-09-04·CVSS 8.8
CVE-2019-11746 [HIGH] CVE-2019-11746 Mozilla: Use-after-free while manipulating video
CVE-2019-11746 Mozilla: Use-after-free while manipulating video
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11746
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Nils
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:2663 https://access.redhat.com/errata/RHSA-2019:2663
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2019-11746
---
This issue has been addressed in the following products:
Red Hat En
Bugzilla
Firefox 69.0 is available
bugzilla·2019-09-03·CVSS 9.8
CVE-2019-11751 [CRITICAL] Firefox 69.0 is available
Firefox 69.0 is available
Description of problem:
Firefox 69.0 is available
Version-Release number of selected component (if applicable):
69.0
Additional info:
Release Notes: https://www.mozilla.org/en-US/firefox/69.0/releasenotes/
Security Advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/
Security
- CVE-2019-11751: Malicious code execution through command line parameters
- CVE-2019-11746: Use-after-free while manipulating video
- CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
- CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
- CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
- CVE-2019-11753: Privilege escalation with Mozilla Maint
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1564449https://security.gentoo.org/glsa/201911-07https://usn.ubuntu.com/4150-1/https://www.mozilla.org/security/advisories/mfsa2019-25/https://www.mozilla.org/security/advisories/mfsa2019-26/https://www.mozilla.org/security/advisories/mfsa2019-27/https://www.mozilla.org/security/advisories/mfsa2019-29/https://www.mozilla.org/security/advisories/mfsa2019-30/http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1564449https://security.gentoo.org/glsa/201911-07https://usn.ubuntu.com/4150-1/https://www.mozilla.org/security/advisories/mfsa2019-25/https://www.mozilla.org/security/advisories/mfsa2019-26/https://www.mozilla.org/security/advisories/mfsa2019-27/https://www.mozilla.org/security/advisories/mfsa2019-29/https://www.mozilla.org/security/advisories/mfsa2019-30/
2019-09-27
Published