CVE-2019-11764Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds WriteCWE-120Classic Buffer OverflowCWE-416Use After Free14 documents8 sources
Severity
8.8HIGHNVD
OSV7.5
EPSS
1.0%
top 23.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla ThunderbirdMozilla FirefoxMozilla Firefox ESR+1 more
Timeline
PublishedJan 8
Latest updateMay 24

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

NVDmozilla/firefox< 70.0
CVEListV5mozilla/firefoxbefore 70
CVEListV5mozilla/firefox_esrbefore 68.2

Also affects: Ubuntu Linux 16.04

🔴Vulnerability Details

6
GHSA
GHSA-w7c5-4mj7-2cm2: Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 682022-05-24
OSV
thunderbird vulnerabilities2020-04-21
CVEList
CVE-2019-11764: Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 682020-01-08
OSV
CVE-2019-11764: Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 682020-01-08
OSV
thunderbird regression2019-12-10

📋Vendor Advisories

6
Ubuntu
Thunderbird vulnerabilities2020-04-21
Ubuntu
Thunderbird regression2019-12-10
Ubuntu
Thunderbird vulnerabilities2019-11-26
Ubuntu
Firefox vulnerabilities2019-10-23
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.22019-10-22

💬Community

1
Bugzilla
CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.22019-10-23
CVE-2019-11764 — Out-of-bounds Write in Mozilla Firefox | cvebase