CVE-2019-11719
First published: Tue Jul 09 2019(Updated: )
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when importing a curve25519 private key in PKCS#8format. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to obtain sensitive information.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/nspr | <0:4.25.0-2.el7_9 | 0:4.25.0-2.el7_9 |
| redhat/nss | <0:3.53.1-3.el7_9 | 0:3.53.1-3.el7_9 |
| redhat/nss-softokn | <0:3.53.1-6.el7_9 | 0:3.53.1-6.el7_9 |
| redhat/nss-util | <0:3.53.1-1.el7_9 | 0:3.53.1-1.el7_9 |
| redhat/nspr | <0:4.21.0-2.el8_0 | 0:4.21.0-2.el8_0 |
| redhat/nss | <0:3.44.0-7.el8_0 | 0:3.44.0-7.el8_0 |
| Mozilla Firefox ESR | <60.8 | 60.8 |
| Mozilla Thunderbird | <68 | 68 |
| Mozilla Thunderbird | <60.8 | 60.8 |
| redhat/nss | <3.36.8 | 3.36.8 |
| redhat/nss | <3.44.1 | 3.44.1 |
| redhat/nss | <3.47 | 3.47 |
| Mozilla Firefox | <68 | 68 |
| Mozilla Firefox | <68.0 | |
| Mozilla Firefox ESR | <60.8.0 | |
| Mozilla Thunderbird | <60.8.0 | |
| IBM Security Guardium | <=10.5 | |
| IBM Security Guardium | <=10.6 | |
| IBM Security Guardium | <=11.0 | |
| IBM Security Guardium | <=11.1 | |
| IBM Security Guardium | <=11.2 | |
| IBM Security Guardium | <=11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-11719 https://nvd.nist.gov/vuln/detail/CVE-2019-11719 https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719
- https://bugzilla.redhat.com/show_bug.cgi?id=1728436
- https://access.redhat.com/errata/RHSA-2020:4076
- https://access.redhat.com/errata/RHSA-2019:1951
- https://access.redhat.com/security/cve/cve-2019-11719
- https://bugzilla.mozilla.org/show_bug.cgi?id=1540541
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-28/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html
- https://security.gentoo.org/glsa/201908-12
- https://security.gentoo.org/glsa/201908-20
- https://www.mozilla.org/security/advisories/mfsa2019-21/
- https://www.mozilla.org/security/advisories/mfsa2019-22/
- https://www.mozilla.org/security/advisories/mfsa2019-23/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/163512
- https://www.ibm.com/support/pages/node/6455281 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2019-11719.
What is the severity of CVE-2019-11719?
The severity of CVE-2019-11719 is high with a severity value of 7.5.
How does CVE-2019-11719 impact Mozilla Firefox?
CVE-2019-11719 could allow a remote attacker to obtain sensitive information in Mozilla Firefox.
How can I fix CVE-2019-11719?
To fix CVE-2019-11719, upgrade to the recommended versions of the affected software provided by the vendor.
Where can I find more information about CVE-2019-11719?
You can find more information about CVE-2019-11719 in the references section of this advisory.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/author
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-11719
- agent/description
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/ibm-support
- source/IBM
- agent/references
- agent/last-modified-date
- agent/event
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/mozilla
- canonical/mozilla firefox esr
- canonical/mozilla thunderbird
- canonical/mozilla firefox
- vendor/ibm
- canonical/ibm security guardium
- version/ibm security guardium/10.5
- version/ibm security guardium/10.6
- version/ibm security guardium/11.0
- version/ibm security guardium/11.1
- version/ibm security guardium/11.2
- version/ibm security guardium/11.3