CVE-2019-11729
Published on: 07/23/2019 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:35 PM UTC
Certain versions of Firefox from Mozilla contain the following vulnerability:
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
- CVE-2019-11729 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software: Mozilla - Firefox ESR version < 60.8
- Affected Vendor/Software: Mozilla - Firefox version < 68
- Affected Vendor/Software: Mozilla - Thunderbird version < 60.8
CVSS3 Score: 7.5 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | NONE | NONE | HIGH |
CVSS2 Score: 5 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | LOW | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
NONE | NONE | PARTIAL |
CVE References
Description | Tags | Link |
---|---|---|
Security vulnerabilities fixed in Firefox 68 — Mozilla | Vendor Advisory | www.mozilla.org text/html |
[security-announce] openSUSE-SU-2019:1990-1: moderate: Security update f | | lists.opensuse.org text/html |
Red Hat Customer Portal | | access.redhat.com text/html |
Mozilla Firefox: Multiple vulnerabilities (GLSA 201908-12) — Gentoo security | | security.gentoo.org text/html |
Access Denied | Issue Tracking, Permissions Required, Vendor Advisory | bugzilla.mozilla.org text/html |
[security-announce] openSUSE-SU-2019:1813-1: important: Security update | | lists.opensuse.org text/html |
Red Hat Customer Portal | | access.redhat.com text/html |
[SECURITY] [DLA 2388-1] nss security update | | lists.debian.org text/html |
[security-announce] openSUSE-SU-2019:1811-1: important: Security update | | lists.opensuse.org text/html |
[security-announce] openSUSE-SU-2019:2249-1: important: Security update | | lists.opensuse.org text/html |
Security vulnerabilities fixed in Firefox ESR 60.8 — Mozilla | Vendor Advisory | www.mozilla.org text/html |
Security vulnerabilities fixed in Thunderbird 60.8 — Mozilla | Vendor Advisory | www.mozilla.org text/html |
Mozilla Thunderbird: Multiple vulnerabilities (GLSA 201908-20) — Gentoo security | | security.gentoo.org text/html |
[security-announce] openSUSE-SU-2019:2248-1: important: Security update | | lists.opensuse.org text/html |
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Mozilla | Firefox | All | All | All | All |
Application | Mozilla | Firefox Esr | All | All | All | All |
Application | Mozilla | Thunderbird | All | All | All | All |
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*:
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*:
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
| Critical Omnistack Update released | 2020-12-10 19:09:32 |