CVE-2019-11693

Опубликовано: 23 июл. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected.. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Ссылки

https://bugzilla.mozilla.org/show_bug.cgi?id=1532525
Issue Tracking
Permissions Required
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-13/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-14/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-15/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1532525
Issue Tracking
Permissions Required
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-13/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-14/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-15/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Версия до 67.0 (исключая)

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Версия до 60.7.0 (исключая)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Версия до 60.7.0 (исключая)

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00598

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2019-11693

CVSS3: 9.8

ubuntu

около 6 лет назад

The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

CVE-2019-11693

CVSS3: 9.8

redhat

около 6 лет назад

The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

CVE-2019-11693

CVSS3: 9.8

debian

около 6 лет назад

The bufferdata function in WebGL is vulnerable to a buffer overflow wi ...

GHSA-rm3r-xfmr-5622

github

около 3 лет назад

The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

BDU:2019-03560

CVSS3: 9.8

fstec

около 6 лет назад

Уязвимость буферных данных WebGL браузеров Firefox, Firefox ESR, почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании

EPSS

Процентиль: 68%

0.00598

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787