First published: Thu Nov 21 2019(Updated: )
A use-after-free flaw was found in Mozilla Network Security Services (NSS) related to PK11 session handling. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled with NSS.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/nspr | <0:4.25.0-2.el7_9 | 0:4.25.0-2.el7_9 |
redhat/nss | <0:3.53.1-3.el7_9 | 0:3.53.1-3.el7_9 |
redhat/nss-softokn | <0:3.53.1-6.el7_9 | 0:3.53.1-6.el7_9 |
redhat/nss-util | <0:3.53.1-1.el7_9 | 0:3.53.1-1.el7_9 |
redhat/nss-softokn | <0:3.28.3-10.el7_4 | 0:3.28.3-10.el7_4 |
redhat/nss | <0:3.36.0-9.el7_6 | 0:3.36.0-9.el7_6 |
redhat/nss-softokn | <0:3.36.0-7.el7_6 | 0:3.36.0-7.el7_6 |
redhat/nss-softokn | <0:3.44.0-9.el7_7 | 0:3.44.0-9.el7_7 |
redhat/nspr | <0:4.25.0-2.el8_2 | 0:4.25.0-2.el8_2 |
redhat/nss | <0:3.53.1-11.el8_2 | 0:3.53.1-11.el8_2 |
Mozilla Firefox | <71 | 71 |
Mozilla Firefox | <71.0 | |
redhat/nss | <3.47 | 3.47 |
debian/firefox | 133.0.3-1 | |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2019-11756 is a vulnerability in Mozilla Firefox that could allow a remote attacker to execute arbitrary code on the system.
The severity of CVE-2019-11756 is high, with a CVSS score of 8.8.
CVE-2019-11756 occurs due to improper refcounting of soft token session objects, leading to a use-after-free vulnerability.
An attacker can exploit CVE-2019-11756 by persuading a victim to visit a specially-crafted website.
To protect yourself from CVE-2019-11756, ensure that you have applied the necessary security updates provided by Mozilla Firefox or your operating system vendor.