First published: Tue Jul 09 2019(Updated: )
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when importing a curve25519 private key in PKCS#8format. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to obtain sensitive information.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/nspr | <0:4.25.0-2.el7_9 | 0:4.25.0-2.el7_9 |
redhat/nss | <0:3.53.1-3.el7_9 | 0:3.53.1-3.el7_9 |
redhat/nss-softokn | <0:3.53.1-6.el7_9 | 0:3.53.1-6.el7_9 |
redhat/nss-util | <0:3.53.1-1.el7_9 | 0:3.53.1-1.el7_9 |
redhat/nspr | <0:4.21.0-2.el8_0 | 0:4.21.0-2.el8_0 |
redhat/nss | <0:3.44.0-7.el8_0 | 0:3.44.0-7.el8_0 |
Mozilla Firefox ESR | <60.8 | 60.8 |
Mozilla Thunderbird | <68 | 68 |
Mozilla Thunderbird | <60.8 | 60.8 |
redhat/nss | <3.36.8 | 3.36.8 |
redhat/nss | <3.44.1 | 3.44.1 |
redhat/nss | <3.47 | 3.47 |
Mozilla Firefox | <68 | 68 |
Mozilla Firefox | <68.0 | |
Mozilla Firefox ESR | <60.8.0 | |
Mozilla Thunderbird | <60.8.0 | |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
The vulnerability ID is CVE-2019-11719.
The severity of CVE-2019-11719 is high with a severity value of 7.5.
CVE-2019-11719 could allow a remote attacker to obtain sensitive information in Mozilla Firefox.
To fix CVE-2019-11719, upgrade to the recommended versions of the affected software provided by the vendor.
You can find more information about CVE-2019-11719 in the references section of this advisory.