Vulnerability CVE-2019-11709: Information

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-11709

Published: July 23, 2019

Modified: April 18, 2022

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	68.0-alt1	126.0.1-alt1	ALT-PU-2019-2301-1	234573	Fixed
firefox	p10	68.0-alt1	118.0.2-alt0.p10.1	ALT-PU-2019-2301-1	234573	Fixed
firefox	p9	68.0.1-alt0.p9.1	105.0.1-alt0.c9.1	ALT-PU-2019-2479-1	235125	Fixed
firefox	p8	68.0.1-alt0.M80P.1	68.0.1-alt0.M80P.1	ALT-PU-2019-2938-1	236175	Fixed
firefox	c10f1	68.0-alt1	112.0.2-alt0.p10.1	ALT-PU-2019-2301-1	234573	Fixed
firefox	c9f2	68.0.1-alt0.p9.1	105.0.1-alt0.c9.1	ALT-PU-2019-2479-1	235125	Fixed
firefox	c7	60.8.0-alt0.M70C.1	60.8.0-alt0.M70C.1	ALT-PU-2019-2317-1	234651	Fixed
firefox	p11	68.0-alt1	126.0.1-alt1	ALT-PU-2019-2301-1	234573	Fixed
firefox-esr	sisyphus	60.8.0-alt1	115.11.0-alt1	ALT-PU-2019-2231-1	234195	Fixed
firefox-esr	p10	60.8.0-alt1	115.11.0-alt1	ALT-PU-2019-2231-1	234195	Fixed
firefox-esr	p9	60.8.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2019-2233-1	234196	Fixed
firefox-esr	p8	60.8.0-alt0.M80P.1	68.4.1-alt0.M80P.1	ALT-PU-2019-2243-1	234197	Fixed
firefox-esr	c10f1	60.8.0-alt1	115.9.1-alt0.c10.1	ALT-PU-2019-2231-1	234195	Fixed
firefox-esr	c9f2	60.8.0-alt1	102.12.0-alt0.c9.1	ALT-PU-2019-2233-1	234196	Fixed
firefox-esr	p11	60.8.0-alt1	115.11.0-alt1	ALT-PU-2019-2231-1	234195	Fixed
thunderbird	sisyphus	60.8.0-alt1	115.9.0-alt1	ALT-PU-2019-2249-1	234350	Fixed
thunderbird	p10	60.8.0-alt1	115.9.0-alt1	ALT-PU-2019-2249-1	234350	Fixed
thunderbird	p9	60.8.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2019-2259-1	234411	Fixed
thunderbird	p8	60.8.0-alt0.M80P.1	60.8.0-alt0.M80P.1	ALT-PU-2019-2277-1	234413	Fixed
thunderbird	c10f1	60.8.0-alt1	115.9.0-alt0.c10.1	ALT-PU-2019-2249-1	234350	Fixed
thunderbird	c9f2	60.8.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2019-2259-1	234411	Fixed
thunderbird	c7	60.8.0-alt0.M70C.1	60.8.0-alt0.M70C.1	ALT-PU-2019-2345-1	234994	Fixed
thunderbird	p11	60.8.0-alt1	115.9.0-alt1	ALT-PU-2019-2249-1	234350	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1547266%2C1540759%2C1548822%2C1550498%2C1515052%2C1539219%2C1547757%2C1550498%2C1533522	Issue Tracking Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-21/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-22/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-23/	Vendor Advisory
openSUSE-SU-2019:1811	Mailing List Third Party Advisory
openSUSE-SU-2019:1813	Mailing List Third Party Advisory
[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update	Mailing List Third Party Advisory
[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update	Mailing List Third Party Advisory
GLSA-201908-12	Third Party Advisory
GLSA-201908-20	Third Party Advisory
openSUSE-SU-2019:1990	Mailing List Third Party Advisory
openSUSE-SU-2019:2249	Mailing List Third Party Advisory
openSUSE-SU-2019:2248	Mailing List Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  68.0
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  60.8.0
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  60.8.0
  
  Configuration 2
  cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2019-11709: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4