{"api_version":"1","generated_at":"2026-04-23T00:39:25+00:00","cve":"CVE-2019-11709","urls":{"html":"https://cve.report/CVE-2019-11709","api":"https://cve.report/api/cve/CVE-2019-11709.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-11709","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-11709"},"summary":{"title":"CVE-2019-11709","description":"Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2019-07-23 14:15:00","updated_at":"2022-04-18 17:02:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2019-21/","name":"https://www.mozilla.org/security/advisories/mfsa2019-21/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security vulnerabilities fixed in Firefox 68 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html","name":"openSUSE-SU-2019:1990","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:1990-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201908-12","name":"GLSA-201908-12","refsource":"GENTOO","tags":[],"title":"Mozilla Firefox: Multiple vulnerabilities (GLSA 201908-12) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html","name":"[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1870-1] thunderbird security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1547266%2C1540759%2C1548822%2C1550498%2C1515052%2C1539219%2C1547757%2C1550498%2C1533522","name":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1547266%2C1540759%2C1548822%2C1550498%2C1515052%2C1539219%2C1547757%2C1550498%2C1533522","refsource":"MISC","tags":["Broken Link","Issue Tracking","Vendor Advisory"],"title":"Bug List","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html","name":"openSUSE-SU-2019:1813","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:1813-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html","name":"openSUSE-SU-2019:1811","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:1811-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html","name":"openSUSE-SU-2019:2249","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:2249-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2019-22/","name":"https://www.mozilla.org/security/advisories/mfsa2019-22/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security vulnerabilities fixed in Firefox ESR 60.8 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2019-23/","name":"https://www.mozilla.org/security/advisories/mfsa2019-23/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security vulnerabilities fixed in Thunderbird 60.8 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201908-20","name":"GLSA-201908-20","refsource":"GENTOO","tags":[],"title":"Mozilla Thunderbird: Multiple vulnerabilities (GLSA 201908-20) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html","name":"[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1869-1] firefox-esr security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html","name":"openSUSE-SU-2019:2248","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:2248-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-11709","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11709","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"11709","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11709","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11709","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11709","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11709","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11709","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11709","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11709","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11709","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11709","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"suse","cpe5":"linux_enterprise","cpe6":"12.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11709","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"suse","cpe5":"package_hub","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-11709","qid":"296081","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 12.5.0 Missing (CPUJUL2019)"},{"cve":"CVE-2019-11709","qid":"378138","title":"Virtuozzo Linux Security Update for firefox (VZLSA-2019:1763)"},{"cve":"CVE-2019-11709","qid":"500919","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2019-11709","qid":"504784","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2019-11709","qid":"710140","title":"Gentoo Linux Mozilla Thunderbird Multiple vulnerabilities (GLSA 201908-20)"},{"cve":"CVE-2019-11709","qid":"710148","title":"Gentoo Linux Mozilla Firefox Multiple vulnerabilities (GLSA 201908-12)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-11709","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Firefox ESR","version":{"version_data":[{"version_value":"60.8","version_affected":"<"}]}},{"product_name":"Firefox","version":{"version_data":[{"version_value":"68","version_affected":"<"}]}},{"product_name":"Thunderbird","version":{"version_data":[{"version_value":"60.8","version_affected":"<"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8"}]}]},"references":{"reference_data":[{"url":"https://www.mozilla.org/security/advisories/mfsa2019-21/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2019-21/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2019-22/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2019-22/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2019-23/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2019-23/"},{"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1547266%2C1540759%2C1548822%2C1550498%2C1515052%2C1539219%2C1547757%2C1550498%2C1533522","refsource":"MISC","name":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1547266%2C1540759%2C1548822%2C1550498%2C1515052%2C1539219%2C1547757%2C1550498%2C1533522"},{"refsource":"SUSE","name":"openSUSE-SU-2019:1811","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"},{"refsource":"SUSE","name":"openSUSE-SU-2019:1813","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"},{"refsource":"GENTOO","name":"GLSA-201908-12","url":"https://security.gentoo.org/glsa/201908-12"},{"refsource":"GENTOO","name":"GLSA-201908-20","url":"https://security.gentoo.org/glsa/201908-20"},{"refsource":"SUSE","name":"openSUSE-SU-2019:1990","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"},{"refsource":"SUSE","name":"openSUSE-SU-2019:2248","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"},{"refsource":"SUSE","name":"openSUSE-SU-2019:2249","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"}]},"description":{"description_data":[{"lang":"eng","value":"Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."}]}},"nvd":{"publishedDate":"2019-07-23 14:15:00","lastModifiedDate":"2022-04-18 17:02:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"68.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","versionEndExcluding":"60.8.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"60.8.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"11709","Ordinal":"150031","Title":"CVE-2019-11709","CVE":"CVE-2019-11709","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"11709","Ordinal":"1","NoteData":"Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"11709","Ordinal":"2","NoteData":"2019-07-23","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"11709","Ordinal":"3","NoteData":"2019-10-04","Type":"Other","Title":"Modified"}]}}}