First published: Tue May 21 2019(Updated: )
The `bufferdata` function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.* External Reference: <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693">https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693</a>
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Thunderbird | <60.7 | 60.7 |
Mozilla Firefox ESR | <60.7 | 60.7 |
Mozilla Firefox | <67 | 67 |
All of | ||
Any of | ||
Mozilla Firefox | <67.0 | |
Mozilla Firefox ESR | <60.7.0 | |
Mozilla Thunderbird | <60.7.0 | |
Linux Linux kernel | ||
Mozilla Firefox | <67.0 | |
Mozilla Firefox ESR | <60.7.0 | |
Mozilla Thunderbird | <60.7.0 | |
Linux Linux kernel | ||
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/firefox | <67.0 | 67.0 |
ubuntu/firefox | <67.0+ | 67.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
ubuntu/thunderbird | <60.7 | 60.7 |
ubuntu/thunderbird | <1:60.7.0+ | 1:60.7.0+ |
debian/firefox | 125.0.3-1 | |
debian/firefox-esr | 91.12.0esr-1~deb10u1 115.10.0esr-1~deb10u1 115.7.0esr-1~deb11u1 115.10.0esr-1~deb11u1 115.7.0esr-1~deb12u1 115.10.0esr-1~deb12u1 115.10.0esr-1 | |
debian/thunderbird | 1:91.12.0-1~deb10u1 1:115.10.1-1~deb10u1 1:115.7.0-1~deb11u1 1:115.10.1-1~deb11u1 1:115.7.0-1~deb12u1 1:115.10.1-1~deb12u1 1:115.10.1-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
The vulnerability ID is CVE-2019-11693.
The severity of the vulnerability is critical with a CVSS score of 9.8.
The specific graphics drivers on Linux that are affected by this vulnerability have not been specified.
This vulnerability only occurs on Linux. Other operating systems are unaffected.
Update your Mozilla Firefox or Mozilla Thunderbird to version 67.0+ or apply the appropriate patch according to your Linux distribution.