CVE-2019-5849
Published 2019-11-25
CVE-2019-5849: Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via…
Priority P3 · 35 · high · 8.1 CVSS 3.1
AV:N · AC:L · PR:N · UI:R · S:U · C:H · I:N · A:H
EPSS
1.36%
68.3th percentile
Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 76.0.3809.87-1 | 76.0.3809.87-1 |
| chromium | chromium | >= 0 < 76.0.3809.87-1 | 76.0.3809.87-1 |
| chromium | chromium | >= 0 < 76.0.3809.87-1 | 76.0.3809.87-1 |
| chromium | chromium | >= 0 < 76.0.3809.87-1 | 76.0.3809.87-1 |
| debian | chromium | < chromium 76.0.3809.87-1 (bookworm) | chromium 76.0.3809.87-1 (bookworm) |
| debian | firefox | < chromium 76.0.3809.87-1 (bookworm) | chromium 76.0.3809.87-1 (bookworm) |
| | chrome | < 75.0.3770.80 | 75.0.3770.80 |
| | chrome | >= unspecified < 75.0.3770.80 | 75.0.3770.80 |
| mozilla | firefox | >= 0 < 69.0+build2-0ubuntu0.16.04.4 | 69.0+build2-0ubuntu0.16.04.4 |
| mozilla | firefox | >= 0 < 69.0.2+build1-0ubuntu0.16.04.1 | 69.0.2+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 69.0+build2-0ubuntu0.18.04.1 | 69.0+build2-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 69.0.2+build1-0ubuntu0.18.04.1 | 69.0.2+build1-0ubuntu0.18.04.1 |
CVSS provenance
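| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
| vendor_debian | | 8.1 | HIGH | |
| vendor_redhat | | 8.1 | HIGH | |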
GHSA
GHSA-6r35-v7gr-mc52: Out of bounds read in Skia in Google Chrome prior to 75
ghsa_unreviewed·2022-05-24
CVE-2019-5849 [MEDIUM] GHSA-6r35-v7gr-mc52: Out of bounds read in Skia in Google Chrome prior to 75
Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
OSV
CVE-2019-5849: Out of bounds read in Skia in Google Chrome prior to 75
osv·2019-11-25·CVSS 8.1
CVE-2019-5849 [HIGH] CVE-2019-5849: Out of bounds read in Skia in Google Chrome prior to 75
Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
OSV
firefox regression
osv·2019-10-08·CVSS 9.8
[CRITICAL] firefox regression
USN-4122-1 fixed vulnerabilities in Firefox. The update caused a
regression that resulted in a crash when changing YouTube playback speed
in some circumstances. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, C
OSV
firefox vulnerabilities
osv·2019-09-04·CVSS 9.8
CVE-2019-5849 [CRITICAL] firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748,
CVE-2019-11749, CVE-2019-11750, CVE-2019-11752)
It was discovered that a compromised content process could log in to a
malicious Firefox Sync account. An attacker could potentially exploit
this, in combination with anothe
Ubuntu
Firefox regression
vendor_ubuntu·2019-10-08·CVSS 9.8
[CRITICAL] Firefox regression
Title: Firefox regression
Summary: USN-4122-1 caused a regression in Firefox.
USN-4122-1 fixed vulnerabilities in Firefox. The update caused a
regression that resulted in a crash when changing YouTube playback speed
in some circumstances. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2019-09-04·CVSS 9.8
CVE-2019-5849 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748,
CVE-2019-11749, CVE-2019-11750, CVE-2019-11752)
It was discovered that a compromised content process could lo
Red Hat
Mozilla: Out-of-bounds read in Skia
vendor_redhat·2019-09-03·CVSS 8.1
CVE-2019-5849 [HIGH] CWE-125 Mozilla: Out-of-bounds read in Skia
Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Package: firefox (Red Hat Enterprise Linux 5) - Out of support scope
Package: firefox (Red Hat Enterprise Linux 6) - Will not fix
Package: firefox (Red Hat Enterprise Linux 7) - Will not fix
Package: firefox (Red Hat Enterprise Linux 8) - Will not fix
Debian
CVE-2019-5849: chromium - Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remo...
vendor_debian·2019·CVSS 8.1
CVE-2019-5849 [HIGH] CVE-2019-5849: chromium - Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remo...
Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 76.0.3809.87-1)
bullseye: resolved (fixed in 76.0.3809.87-1)
forky: resolved (fixed in 76.0.3809.87-1)
sid: resolved (fixed in 76.0.3809.87-1)
trixie: resolved (fixed in 76.0.3809.87-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-5849 Mozilla: Out-of-bounds read in Skia
bugzilla·2019-09-04·CVSS 8.1
CVE-2019-5849 [HIGH] CVE-2019-5849 Mozilla: Out-of-bounds read in Skia
An out-of-bounds read vulnerability exists in the Skia graphics library, allowing for the possible leaking of data from memory.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-5849
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Zhen Zhou (NSFOCUS Security Team)
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2019-5849
Bugzilla
Firefox 69.0 is available
bugzilla·2019-09-03·CVSS 9.8
CVE-2019-11751 [CRITICAL] Firefox 69.0 is available
Description of problem:
Firefox 69.0 is available
Version-Release number of selected component (if applicable):
69.0
Additional info:
Release Notes: https://www.mozilla.org/en-US/firefox/69.0/releasenotes/
Security Advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/
Security
- CVE-2019-11751: Malicious code execution through command line parameters
- CVE-2019-11746: Use-after-free while manipulating video
- CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
- CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
- CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
- CVE-2019-11753: Privilege escalation with Mozilla Maint
Bugzilla
Skia: OOB Read in ReflexHash::checkTriangle
bugzilla·2019-05-30·CVSS 8.1
[HIGH] Skia: OOB Read in ReflexHash::checkTriangle
A patch in Chrome for Skia went into the upcoming Chrome 76, described as "OOB Read in ReflexHash::checkTriangle" and medium security severity. The patch was elsewhere and I don't have a testcase that points to that location. Fixed in the following patch:
https://skia.googlesource.com/skia/+/a5ef39726a7b8e54d295aa8336e7d874bc33f436
Discussion:
Created attachment 9069748
Bug 1555838 - More polyutil fixes. r?rhunt
---
I don't believe we use the shadow code affected by this patch, but just in case there is no harm in cherrypicking this.
---
There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:lsalzman, could you have a look please?
For more information, please visit [auto_nag documentation](https://wiki.mozilla.org/