CVE-2019-11757 - OpenCVE

When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Mozilla	Firefox Esr Firefox Thunderbird

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Configuration 2 [-]

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1577107	Issue Tracking Permissions Required
https://security.gentoo.org/glsa/202003-10	Third Party Advisory
https://usn.ubuntu.com/4335-1/	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2019-33/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-34/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-35/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mozilla

Published: 2020-01-08T19:26:23

Updated: 2020-04-29T02:07:08

Reserved: 2019-05-03T00:00:00

Link: CVE-2019-11757

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-08T20:15:12.453

Modified: 2023-02-01T17:10:07.137

Link: CVE-2019-11757

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "affected", "version": "before 70"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "affected", "version": "before 68.2"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"status": "affected", "version": "before 68.2"}]}], "descriptions": [{"lang": "en", "value": "When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2."}], "problemTypes": [{"descriptions": [{"description": "Use-after-free when creating index updates in IndexedDB", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-29T02:07:08", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-35/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-33/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-34/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577107"}, {"name": "GLSA-202003-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-10"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4335-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2019-11757", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox", "version": {"version_data": [{"version_value": "before 70"}]}}, {"product_name": "Thunderbird", "version": {"version_data": [{"version_value": "before 68.2"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_value": "before 68.2"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use-after-free when creating index updates in IndexedDB"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2019-35/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2019-35/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2019-33/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2019-33/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2019-34/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2019-34/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577107", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577107"}, {"name": "GLSA-202003-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-10"}, {"name": "USN-4335-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4335-1/"}]}}}}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2019-11757", "datePublished": "2020-01-08T19:26:23", "dateReserved": "2019-05-03T00:00:00", "dateUpdated": "2020-04-29T02:07:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4EA7BDA-DA95-46FB-8568-E857D3479994", "versionEndExcluding": "70.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "19FED95C-5BAF-4E31-8F60-E51609BA3BDB", "versionEndExcluding": "68.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CE97332-80EC-4CDF-A18C-37CD645A8A12", "versionEndExcluding": "68.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2."}, {"lang": "es", "value": "Siguiendo la cadena de prototipos de valor, era posible retener una referencia a una configuraci\u00f3n regional, eliminarla y, posteriormente, hacer referencia a ella. Esto result\u00f3 en un uso de la memoria previamente liberada y un bloqueo explotable potencialmente. Esta vulnerabilidad afecta a Firefox versiones anteriores a la versi\u00f3n 70, Thunderbird versiones anteriores a la versi\u00f3n 68.2 y Firefox ESR versiones anteriores a la versi\u00f3n 68.2."}], "id": "CVE-2019-11757", "lastModified": "2023-02-01T17:10:07.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-08T20:15:12.453", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577107"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-10"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4335-1/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-33/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-34/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-35/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}