CVE-2019-11713
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
23/07/2019
Last modified:
29/07/2019
Description
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | 68.0 (excluding) | |
| cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* | 60.8.0 (excluding) | |
| cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* | 60.8.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=1528481
- https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html
- https://security.gentoo.org/glsa/201908-12
- https://security.gentoo.org/glsa/201908-20
- https://www.mozilla.org/security/advisories/mfsa2019-21/
- https://www.mozilla.org/security/advisories/mfsa2019-22/
- https://www.mozilla.org/security/advisories/mfsa2019-23/