CVE-2019-11694
First published: Tue May 21 2019(Updated: )
A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <67 | 67 |
| <67 | 67 | |
| <60.7 | 60.7 | |
| <60.7 | 60.7 | |
| Mozilla Firefox | <67.0 | |
| Mozilla Firefox ESR | <60.7.0 | |
| Mozilla Thunderbird | <60.7.0 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1534196
- https://www.mozilla.org/security/advisories/mfsa2019-13/
- https://www.mozilla.org/security/advisories/mfsa2019-14/
- https://www.mozilla.org/security/advisories/mfsa2019-15/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-9815
- CVE-2019-9816
- CVE-2019-9817
- CVE-2019-9818
- CVE-2019-9819
- CVE-2019-9820
- CVE-2019-9821
- CVE-2019-11691
- CVE-2019-11692
- CVE-2019-11693
- CVE-2019-7317
- CVE-2019-11694
- CVE-2019-11695
- CVE-2019-11696
- CVE-2019-11697
- CVE-2019-11698
- CVE-2019-11700
- CVE-2019-11699
- CVE-2019-11701
- CVE-2019-9814
- CVE-2019-9800
- CVE-2019-9797
- CVE-2018-18511
- CVE-2019-5798
Frequently Asked Questions
What is CVE-2019-11694?
CVE-2019-11694 is a vulnerability that exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file, resulting in the potential leaking of information stored at that memory location.
Which software is affected by CVE-2019-11694?
CVE-2019-11694 affects Mozilla Firefox versions up to and excluding 67, Mozilla Firefox ESR versions up to and excluding 60.7, and Mozilla Thunderbird versions up to and excluding 60.7.
Is Microsoft Windows affected by CVE-2019-11694?
No, Microsoft Windows is not vulnerable to CVE-2019-11694.
What is the severity level of CVE-2019-11694?
CVE-2019-11694 has a severity level of 7.5 (high).
How can I fix CVE-2019-11694?
To fix CVE-2019-11694, update to the latest version of Mozilla Firefox, Mozilla Firefox ESR, or Mozilla Thunderbird.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/event
- agent/description
- agent/tags
- agent/author
- agent/references
- agent/severity
- agent/software-canonical-lookup-request
- vendor/mozilla
- canonical/mozilla firefox
- canonical/mozilla firefox esr
- canonical/mozilla thunderbird
- vendor/microsoft
- canonical/microsoft windows