CVE-2019-11759Classic Buffer Overflow in Mozilla Firefox

CWE-120Classic Buffer Overflow14 documents8 sources
Severity
8.8HIGHNVD
OSV7.5
EPSS
2.5%
top 14.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla ThunderbirdMozilla FirefoxMozilla Firefox ESR+1 more
Timeline
PublishedJan 8
Latest updateMay 24

Description

An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

NVDmozilla/firefox< 70.0
CVEListV5mozilla/firefoxbefore 70
CVEListV5mozilla/firefox_esrbefore 68.2

Also affects: Ubuntu Linux 16.04

🔴Vulnerability Details

6
GHSA
GHSA-2h74-w2gg-96g2: An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack2022-05-24
OSV
thunderbird vulnerabilities2020-04-21
OSV
CVE-2019-11759: An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack2020-01-08
CVEList
CVE-2019-11759: An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack2020-01-08
OSV
thunderbird regression2019-12-10

📋Vendor Advisories

6
Ubuntu
Thunderbird vulnerabilities2020-04-21
Ubuntu
Thunderbird regression2019-12-10
Ubuntu
Thunderbird vulnerabilities2019-11-26
Ubuntu
Firefox vulnerabilities2019-10-23
Red Hat
Mozilla: Stack buffer overflow in HKDF output2019-10-22

💬Community

1
Bugzilla
CVE-2019-11759 Mozilla: Stack buffer overflow in HKDF output2019-10-23
CVE-2019-11759 — Classic Buffer Overflow in Mozilla | cvebase