CVE-2019-11746 - OpenCVE

A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Firefox Esr Firefox Thunderbird

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1564449	Issue Tracking Permissions Required Vendor Advisory
https://security.gentoo.org/glsa/201911-07
https://usn.ubuntu.com/4150-1/
https://www.mozilla.org/security/advisories/mfsa2019-25/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-26/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-27/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-29/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-30/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mozilla

Published: 2019-09-27T17:16:39

Updated: 2019-11-25T01:07:07

Reserved: 2019-05-03T00:00:00

Link: CVE-2019-11746

JSON object: View

NVD Information

Status : Modified

Published: 2019-09-27T18:15:12.333

Modified: 2019-10-04T18:15:14.110

Link: CVE-2019-11746

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "69", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "68.1", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "60.9", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "60.9", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "68.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1."}], "problemTypes": [{"descriptions": [{"description": "Use-after-free while manipulating video", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-25T01:07:07", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1564449"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-25/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-27/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-26/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-29/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-30/"}, {"name": "openSUSE-SU-2019:2248", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"}, {"name": "openSUSE-SU-2019:2249", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"}, {"name": "openSUSE-SU-2019:2251", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"}, {"name": "openSUSE-SU-2019:2260", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"}, {"name": "USN-4150-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4150-1/"}, {"name": "GLSA-201911-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201911-07"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2019-11746", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "69"}]}}, {"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "68.1"}, {"version_affected": "<", "version_value": "60.9"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "60.9"}, {"version_affected": "<", "version_value": "68.1"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use-after-free while manipulating video"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1564449", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1564449"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2019-25/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2019-25/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2019-27/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2019-27/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2019-26/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2019-26/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2019-29/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2019-29/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2019-30/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2019-30/"}, {"name": "openSUSE-SU-2019:2248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"}, {"name": "openSUSE-SU-2019:2249", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"}, {"name": "openSUSE-SU-2019:2251", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"}, {"name": "openSUSE-SU-2019:2260", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"}, {"name": "USN-4150-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4150-1/"}, {"name": "GLSA-201911-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201911-07"}]}}}}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2019-11746", "datePublished": "2019-09-27T17:16:39", "dateReserved": "2019-05-03T00:00:00", "dateUpdated": "2019-11-25T01:07:07", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "299AA921-46BD-4E9F-8D74-F304F44C6EB4", "versionEndExcluding": "69.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "374FD799-289B-4AD5-867D-5249DDD4C88E", "versionEndExcluding": "60.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE2AF870-C78F-49CA-B92B-F2E82F1C0B98", "versionEndExcluding": "68.1.0", "versionStartIncluding": "68.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "6767554B-7534-4C6A-8E34-F389CD3B8934", "versionEndExcluding": "60.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BA30451-E9AB-4FAE-AA49-91FCCFBE3377", "versionEndExcluding": "68.1.0", "versionStartIncluding": "68.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1."}, {"lang": "es", "value": "Se puede presentar una vulnerabilidad de uso de la memoria previamente liberada despu\u00e9s de manipular elementos de video si el cuerpo es liberado mientras todav\u00eda se encuentra en uso. Esto resulta en un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 69, Thunderbird versiones anteriores a 68.1, Thunderbird versiones anteriores a 60.9, Firefox versiones anteriores a 60.9 y Firefox ESR versiones anteriores a 68.1."}], "id": "CVE-2019-11746", "lastModified": "2019-10-04T18:15:14.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-27T18:15:12.333", "references": [{"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1564449"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201911-07"}, {"source": "security@mozilla.org", "url": "https://usn.ubuntu.com/4150-1/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-25/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-26/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-27/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-29/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-30/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}