PT-2019-3407 · Mozilla+5 · Firefox Esr+7

Crixer

·

Published

2019-05-21

·

Updated

2024-12-12

·

CVE-2019-11693

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 67 Firefox ESR versions prior to 60.7 Thunderbird versions prior to 60.7
Description The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux, potentially allowing a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. This issue could result in malicious content freezing a tab or triggering a potentially exploitable crash. The issue only occurs on Linux, and other operating systems are unaffected.
Recommendations For Firefox versions prior to 67, update to version 67 or later. For Firefox ESR versions prior to 60.7, update to version 60.7 or later. For Thunderbird versions prior to 60.7, update to version 60.7 or later.

Fix

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119

Related Identifiers

ALT-PU-2019-1941
BDU:2019-03560
CESA-2019_1265
CESA-2019_1267
CESA-2019_1269
CESA-2019_1308
CESA-2019_1309
CESA-2019_1310
CVE-2019-11693
DLA-1800-1
DLA-1806-1
DSA-4448-1
DSA-4451-1
MGASA-2019-0190
MGASA-2019-0191
OPENSUSE-SU-2019:1534-1
OPENSUSE-SU-2019:1664-1
OPENSUSE-SU-2019_1484-1
OPENSUSE-SU-2019_1534-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2019:1265
RHSA-2019:1267
RHSA-2019:1269
RHSA-2019:1308
RHSA-2019:1309
RHSA-2019:1310
RHSA-2019_1265
RHSA-2019_1267
RHSA-2019_1269
RHSA-2019_1308
RHSA-2019_1309
RHSA-2019_1310
SUSE-SU-2019:1388-1
SUSE-SU-2019:1405-1
SUSE-SU-2019:1458-1
SUSE-SU-2019_1405-1
USN-3991-1
USN-3991-2
USN-3991-3
USN-3997-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu