Vulnerability CVE-2019-11752


Published: 2019-09-27

Description:
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.

Type:

CWE-416

(Use After Free)

Vendor: Mozilla
Product: Thunderbird 
Version:
9.0.1
9.0
8.0
7.0.1
7.0
68.0
60.8.0
60.7.2
60.7.1
60.7.0
60.6.1
60.6.0
60.5.1
60.5.0
60.4.0
60.3.3
60.3.2
60.3.1
60.3.0
60.2.1
60.0
6.0.2
6.0.1
6.0
59.0
58.0
57.0
56.0
See more versions on NVD
Product: Firefox 
Version:
9.0.1
9.0
8.0.1
8.0
7.0.1
7.0
68.1.0
68.0.2
68.0.1
68.0
67.0.2
66.0.3
66.0.2
66.0.1
66.0
65.0
64.0.2
64.0
63.0.3
63.0.1
63.0
62.0.3
62.0.2
62.0
61.0.2
61.0.1
61.0
60.7.3
60.6.1
60.5.0
60.4.0
60.3.0
60.2.2
60.2.1
60.2.0
60.1.0
60.0.2
60.0.1
60.0
6.0.2
6.0.1
6.0
59.0.3
59.0.2
59.0.1
59.0
58.0.2
58.0.1
58.0
57.0.4
57.0.3
57.0.2
57.0.1
57.0
56.0.2
56.0.1
56.0
55.0.3
See more versions on NVD
Product: Firefox esr 
Version:
60.7.1
60.7.0
60.6.1
60.6.0
60.5.0
60.4.0
60.3.0
60.2.2
60.2.0
60.1.0
60.0
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1501152
https://usn.ubuntu.com/4150-1/
https://www.mozilla.org/security/advisories/mfsa2019-25/
https://www.mozilla.org/security/advisories/mfsa2019-26/
https://www.mozilla.org/security/advisories/mfsa2019-27/
https://www.mozilla.org/security/advisories/mfsa2019-29/
https://www.mozilla.org/security/advisories/mfsa2019-30/

Related CVE
CVE-2019-11755
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripp...
CVE-2019-11754
When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vulnerability affects Firefox < 69.0.1.
CVE-2019-11753
The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location ...
CVE-2019-11751
Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as...
CVE-2019-11750
A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
CVE-2019-11749
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for t...
CVE-2019-11748
WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer pe...
CVE-2019-11747
The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Du...

Copyright 2019, cxsecurity.com

 

Back to Top