CVE-2019-11760 — Out-of-bounds Write in Mozilla Firefox

CWE-787 — Out-of-bounds Write CWE-120 — Classic Buffer Overflow15 documents8 sources

Severity

8.8HIGHNVD

OSV7.5

EPSS

1.5%

top 18.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Mozilla Firefox Mozilla Firefox ESR +1 more

Timeline

PublishedJan 8

Latest updateMay 24

Description

A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶NVDmozilla/firefox< 70.0

▶NVDmozilla/firefox_esr< 68.2

▶CVEListV5mozilla/firefoxbefore 70

▶CVEListV5mozilla/firefox_esrbefore 68.2

▶NVDmozilla/thunderbird< 68.2

Also affects: Ubuntu Linux 16.04

🔴Vulnerability Details

GHSA

GHSA-2qw9-4w7h-8c4q: A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling↗2022-05-24

▶

OSV

thunderbird vulnerabilities↗2020-04-21

▶

OSV

CVE-2019-11760: A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling↗2020-01-08

▶

CVEList

CVE-2019-11760: A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling↗2020-01-08

▶

OSV

thunderbird regression↗2019-12-10

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2020-04-21

▶

Ubuntu

Thunderbird regression↗2019-12-10

▶

Ubuntu

Thunderbird vulnerabilities↗2019-11-26

▶

Ubuntu

Firefox vulnerabilities↗2019-10-23

▶

Red Hat

Mozilla: Stack buffer overflow in WebRTC networking↗2019-10-22

▶

💬Community

Bugzilla

CVE-2019-11760 Mozilla: Stack buffer overflow in WebRTC networking↗2019-10-23

▶

Bugzilla

CVE-2018-11760 apache spark: local priviledge escalation when using PySpark↗2019-02-05

▶