ID

VAR-202001-1433


CVE

CVE-2019-11745


TITLE

Firefox and Thunderbird Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2019-013984

DESCRIPTION

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Firefox and Thunderbird Contains an out-of-bounds write vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ========================================================================= Ubuntu Security Notice USN-4203-2 November 27, 2019 nss vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: NSS could be made to crash or run programs if it received specially crafted input. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that NSS incorrectly handled certain memory operations. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: nss-softokn security update Advisory ID: RHSA-2020:1267-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1267 Issue date: 2020-04-01 CVE Names: CVE-2018-0495 CVE-2019-11745 ==================================================================== 1. Summary: An update for nss-softokn is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.5) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64, ppc64le, s390x, x86_64 3. Description: The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix(es): * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) * ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1591163 - CVE-2018-0495 ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries 1774831 - CVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.5): Source: nss-softokn-3.36.0-6.el7_5.src.rpm x86_64: nss-softokn-3.36.0-6.el7_5.i686.rpm nss-softokn-3.36.0-6.el7_5.x86_64.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.i686.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.x86_64.rpm nss-softokn-freebl-3.36.0-6.el7_5.i686.rpm nss-softokn-freebl-3.36.0-6.el7_5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5): x86_64: nss-softokn-debuginfo-3.36.0-6.el7_5.i686.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.x86_64.rpm nss-softokn-devel-3.36.0-6.el7_5.i686.rpm nss-softokn-devel-3.36.0-6.el7_5.x86_64.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.i686.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.5): Source: nss-softokn-3.36.0-6.el7_5.src.rpm ppc64: nss-softokn-3.36.0-6.el7_5.ppc.rpm nss-softokn-3.36.0-6.el7_5.ppc64.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.ppc.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.ppc64.rpm nss-softokn-devel-3.36.0-6.el7_5.ppc.rpm nss-softokn-devel-3.36.0-6.el7_5.ppc64.rpm nss-softokn-freebl-3.36.0-6.el7_5.ppc.rpm nss-softokn-freebl-3.36.0-6.el7_5.ppc64.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.ppc.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.ppc64.rpm ppc64le: nss-softokn-3.36.0-6.el7_5.ppc64le.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.ppc64le.rpm nss-softokn-devel-3.36.0-6.el7_5.ppc64le.rpm nss-softokn-freebl-3.36.0-6.el7_5.ppc64le.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.ppc64le.rpm s390x: nss-softokn-3.36.0-6.el7_5.s390.rpm nss-softokn-3.36.0-6.el7_5.s390x.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.s390.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.s390x.rpm nss-softokn-devel-3.36.0-6.el7_5.s390.rpm nss-softokn-devel-3.36.0-6.el7_5.s390x.rpm nss-softokn-freebl-3.36.0-6.el7_5.s390.rpm nss-softokn-freebl-3.36.0-6.el7_5.s390x.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.s390.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.s390x.rpm x86_64: nss-softokn-3.36.0-6.el7_5.i686.rpm nss-softokn-3.36.0-6.el7_5.x86_64.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.i686.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.x86_64.rpm nss-softokn-devel-3.36.0-6.el7_5.i686.rpm nss-softokn-devel-3.36.0-6.el7_5.x86_64.rpm nss-softokn-freebl-3.36.0-6.el7_5.i686.rpm nss-softokn-freebl-3.36.0-6.el7_5.x86_64.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.i686.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-0495 https://access.redhat.com/security/cve/CVE-2019-11745 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXoRSIdzjgjWX9erEAQiVqQ//TH1K6R0uTAuq11Q7PXmGjTPUa2/clEuk c008m2G1x4AWmPocvtPpPhKe0BUviGxFtAGTrhJx5f2be2YmRZ+JHFRYwHI3lKM2 YJjMwSW0vohBhVXudOvG7+cWfbkKt1i0a8N+2IaSH0VcgUEOvhyPVZ/22HwNUeaS loPZFyJOJZy76heQNzenvXLj1CRIlkGsxsvr0fxVHqNrNXn/k3jzPfBHtFxbawk1 QjwkAND/s8x9Qj8T7zby/2NXXi5y8yuI4PksOb2rmyjaPLtcAGujHtHsEGziyinW BJAyh7tkMxAcWxxMNEdRAZjVcErp99ZNaa4Ck+u9rEW7vPWYn6EunPnqnL1y9nCZ f/ZKICjXVkMqZq8Jp7WOmupmT1fGt1LSUYnJIiyn1u/6fZANh6BzgmR74RkX5OWc 2QSyU3FcZXT7ttaKtaGslCaT9ZLIn1grKhoTrqTrc1Z9IekJNBBm/5/FIzutNqd/ D6TIJbH82G03j1DXG2fvsRLfaDu0GTt6HXLEsK0JPlJZeXOwJdrGvJz3XYX1jo2o CF1R9lEXhkJXoxXn7e5EJ5Egl04vqqJ16qsWyynolhETK/dUkXf1x4Cdg3HeZ3CB m1EgllecBP+OLntAqaHihCzwpZEJaARI/xxKHpYd96KcsfqLtPKcc1uWDFHk64Tk rIqDkBJPd4A=xNcH -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7.4) - x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2019-337-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/68.3.0/releasenotes/ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/security/advisories/mfsa2019-37/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13722 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17009 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-68.3.0esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-68.3.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-68.3.0esr-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.2 package: 87f700f9d6e2f2714f34bd4df98daff3 mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: a1fc7f2d55d99552fbfef89c0a4fc4d8 mozilla-firefox-68.3.0esr-x86_64-1_slack14.2.txz Slackware -current package: b398fbd95c214bc1f209344809557650 xap/mozilla-firefox-68.3.0esr-i686-1.txz Slackware x86_64 -current package: 54fdcfaa0337054003900c366020e39f xap/mozilla-firefox-68.3.0esr-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. 8.0) - ppc64le, x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Mozilla Thunderbird: Multiple vulnerabilities Date: March 14, 2020 Bugs: #698516, #702638, #709350, #712518 ID: 202003-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Background ========== Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-client/thunderbird < 68.6.0 >= 68.6.0 2 mail-client/thunderbird-bin < 68.6.0 >= 68.6.0 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker may be able to execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, or conduct Cross-Site Request Forgery (CSRF). Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-68.6.0" All Mozilla Thunderbird binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-68.6.0" References ========== [ 1 ] MFSA-2019-35 https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/ [ 2 ] MFSA-2019-37 https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/ [ 3 ] MFSA-2020-07 https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/ [ 4 ] MFSA-2020-10 https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/ [ 5 ] CVE-2019-11745 https://nvd.nist.gov/vuln/detail/CVE-2019-11745 [ 6 ] CVE-2019-11757 https://nvd.nist.gov/vuln/detail/CVE-2019-11757 [ 7 ] CVE-2019-11759 https://nvd.nist.gov/vuln/detail/CVE-2019-11759 [ 8 ] CVE-2019-11760 https://nvd.nist.gov/vuln/detail/CVE-2019-11760 [ 9 ] CVE-2019-11761 https://nvd.nist.gov/vuln/detail/CVE-2019-11761 [ 10 ] CVE-2019-11762 https://nvd.nist.gov/vuln/detail/CVE-2019-11762 [ 11 ] CVE-2019-11763 https://nvd.nist.gov/vuln/detail/CVE-2019-11763 [ 12 ] CVE-2019-11764 https://nvd.nist.gov/vuln/detail/CVE-2019-11764 [ 13 ] CVE-2019-17005 https://nvd.nist.gov/vuln/detail/CVE-2019-17005 [ 14 ] CVE-2019-17008 https://nvd.nist.gov/vuln/detail/CVE-2019-17008 [ 15 ] CVE-2019-17010 https://nvd.nist.gov/vuln/detail/CVE-2019-17010 [ 16 ] CVE-2019-17011 https://nvd.nist.gov/vuln/detail/CVE-2019-17011 [ 17 ] CVE-2019-17012 https://nvd.nist.gov/vuln/detail/CVE-2019-17012 [ 18 ] CVE-2019-20503 https://nvd.nist.gov/vuln/detail/CVE-2019-20503 [ 19 ] CVE-2020-6792 https://nvd.nist.gov/vuln/detail/CVE-2020-6792 [ 20 ] CVE-2020-6793 https://nvd.nist.gov/vuln/detail/CVE-2020-6793 [ 21 ] CVE-2020-6794 https://nvd.nist.gov/vuln/detail/CVE-2020-6794 [ 22 ] CVE-2020-6795 https://nvd.nist.gov/vuln/detail/CVE-2020-6795 [ 23 ] CVE-2020-6798 https://nvd.nist.gov/vuln/detail/CVE-2020-6798 [ 24 ] CVE-2020-6800 https://nvd.nist.gov/vuln/detail/CVE-2020-6800 [ 25 ] CVE-2020-6805 https://nvd.nist.gov/vuln/detail/CVE-2020-6805 [ 26 ] CVE-2020-6806 https://nvd.nist.gov/vuln/detail/CVE-2020-6806 [ 27 ] CVE-2020-6807 https://nvd.nist.gov/vuln/detail/CVE-2020-6807 [ 28 ] CVE-2020-6811 https://nvd.nist.gov/vuln/detail/CVE-2020-6811 [ 29 ] CVE-2020-6812 https://nvd.nist.gov/vuln/detail/CVE-2020-6812 [ 30 ] CVE-2020-6814 https://nvd.nist.gov/vuln/detail/CVE-2020-6814 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.52

sources: NVD: CVE-2019-11745 // JVNDB: JVNDB-2019-013984 // VULMON: CVE-2019-11745 // PACKETSTORM: 155487 // PACKETSTORM: 157044 // PACKETSTORM: 157142 // PACKETSTORM: 156299 // PACKETSTORM: 155546 // PACKETSTORM: 155989 // PACKETSTORM: 156093 // PACKETSTORM: 156721 // PACKETSTORM: 155603

AFFECTED PRODUCTS

vendor:mozillamodel:firefox esrscope:ltversion:68.3

Trust: 1.8

vendor:siemensmodel:ruggedcom rox mx5000scope:ltversion:2.14.0

Trust: 1.0

vendor:mozillamodel:thunderbirdscope:ltversion:68.3.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.6

Trust: 1.0

vendor:mozillamodel:firefoxscope:ltversion:71.0

Trust: 1.0

vendor:siemensmodel:ruggedcom rox rx1500scope:ltversion:2.14.0

Trust: 1.0

vendor:siemensmodel:ruggedcom rox rx1501scope:ltversion:2.14.0

Trust: 1.0

vendor:siemensmodel:ruggedcom rox rx5000scope:ltversion:2.14.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.10

Trust: 1.0

vendor:siemensmodel:ruggedcom rox rx1400scope:ltversion:2.14.0

Trust: 1.0

vendor:siemensmodel:ruggedcom rox rx1510scope:ltversion:2.14.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:siemensmodel:ruggedcom rox rx1511scope:ltversion:2.14.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:siemensmodel:ruggedcom rox rx1512scope:ltversion:2.14.0

Trust: 1.0

vendor:mozillamodel:firefoxscope:ltversion:71

Trust: 0.8

vendor:mozillamodel:thunderbirdscope:ltversion:68.3

Trust: 0.8

vendor:opensusemodel:leapscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-013984 // NVD: CVE-2019-11745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11745
value: HIGH

Trust: 1.0

NVD: CVE-2019-11745
value: HIGH

Trust: 0.8

VULMON: CVE-2019-11745
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11745
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2019-11745
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-11745
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2019-11745 // JVNDB: JVNDB-2019-013984 // NVD: CVE-2019-11745

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2019-013984 // NVD: CVE-2019-11745

THREAT TYPE

remote

Trust: 0.2

sources: PACKETSTORM: 155487 // PACKETSTORM: 155989

TYPE

arbitrary

Trust: 0.3

sources: PACKETSTORM: 155487 // PACKETSTORM: 156721 // PACKETSTORM: 155603

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013984

PATCH

title:MFSA2019-36url:https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/

Trust: 0.8

title:MFSA2019-37url:https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/

Trust: 0.8

title:MFSA2019-38url:https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/

Trust: 0.8

title:openSUSE-SU-2020:0008-1url:https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html

Trust: 0.8

title:openSUSE-SU-2020:0003-1url:https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html

Trust: 0.8

title:openSUSE-SU-2020:0002-1url:https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html

Trust: 0.8

title:Red Hat: Important: nss security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200243 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nss-softokn security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201461 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nss security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194114 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nss-softokn security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200466 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nss-softokn security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194152 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nss, nss-softokn, nss-util security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194190 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nss-softokn security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201345 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nss-softokn security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201267 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: nss vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-2

Trust: 0.1

title:Ubuntu Security Notice: nss vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-1

Trust: 0.1

title:Debian Security Advisories: DSA-4579-1 nss -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0af759a984821af0886871e7a26a298e

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-11745 log

Trust: 0.1

title:Amazon Linux 2: ALAS2-2020-1379url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1379

Trust: 0.1

title:IBM: Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=74fd642ff4a4659039a762a5a0a24106

Trust: 0.1

title:Amazon Linux 2: ALAS2-2023-1942url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-1942

Trust: 0.1

title:Amazon Linux 2: ALAS2-2020-1384url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1384

Trust: 0.1

title:Amazon Linux AMI: ALAS-2020-1355url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1355

Trust: 0.1

title:Ubuntu Security Notice: firefox vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-1

Trust: 0.1

title:Arch Linux Advisories: [ASA-201912-2] thunderbird: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-2

Trust: 0.1

title:Ubuntu Security Notice: firefox vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-2

Trust: 0.1

title:Ubuntu Security Notice: thunderbird vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4241-1

Trust: 0.1

title:Mozilla: Security Vulnerabilities fixed in - Firefox ESR 68.3url:https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=940e53f5eecee1395e2713b0ed07506b

Trust: 0.1

title:Mozilla: Security Vulnerabilities fixed in - Thunderbird 68.3url:https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=dffa374fab03b4f5b5596346629ccc8c

Trust: 0.1

title:Arch Linux Advisories: [ASA-201912-1] firefox: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-1

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=409c1cd1b8ef401020956950fd839000

Trust: 0.1

title:Mozilla: Security Vulnerabilities fixed in - Firefox 71url:https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=a8e439d387c58595bbdb24cc3bdadd40

Trust: 0.1

title:Ubuntu Security Notice: thunderbird vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4335-1

Trust: 0.1

title: - url:https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

sources: VULMON: CVE-2019-11745 // JVNDB: JVNDB-2019-013984

EXTERNAL IDS

db:NVDid:CVE-2019-11745

Trust: 2.8

db:ICS CERTid:ICSA-21-040-04

Trust: 1.1

db:SIEMENSid:SSA-379803

Trust: 1.1

db:JVNDBid:JVNDB-2019-013984

Trust: 0.8

db:VULMONid:CVE-2019-11745

Trust: 0.1

db:PACKETSTORMid:155487

Trust: 0.1

db:PACKETSTORMid:157044

Trust: 0.1

db:PACKETSTORMid:157142

Trust: 0.1

db:PACKETSTORMid:156299

Trust: 0.1

db:PACKETSTORMid:155546

Trust: 0.1

db:PACKETSTORMid:155989

Trust: 0.1

db:PACKETSTORMid:156093

Trust: 0.1

db:PACKETSTORMid:156721

Trust: 0.1

db:PACKETSTORMid:155603

Trust: 0.1

sources: VULMON: CVE-2019-11745 // PACKETSTORM: 155487 // PACKETSTORM: 157044 // PACKETSTORM: 157142 // PACKETSTORM: 156299 // PACKETSTORM: 155546 // PACKETSTORM: 155989 // PACKETSTORM: 156093 // PACKETSTORM: 156721 // PACKETSTORM: 155603 // JVNDB: JVNDB-2019-013984 // NVD: CVE-2019-11745

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-11745

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2020:0243

Trust: 1.3

url:https://www.mozilla.org/security/advisories/mfsa2019-37/

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2020:0466

Trust: 1.2

url:https://security.gentoo.org/glsa/202003-10

Trust: 1.2

url:https://www.mozilla.org/security/advisories/mfsa2019-38/

Trust: 1.1

url:https://www.mozilla.org/security/advisories/mfsa2019-36/

Trust: 1.1

url:https://bugzilla.mozilla.org/show_bug.cgi?id=1586176

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html

Trust: 1.1

url:https://usn.ubuntu.com/4241-1/

Trust: 1.1

url:https://security.gentoo.org/glsa/202003-02

Trust: 1.1

url:https://security.gentoo.org/glsa/202003-37

Trust: 1.1

url:https://usn.ubuntu.com/4335-1/

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf

Trust: 1.1

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11745

Trust: 0.9

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-11745

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17011

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17010

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17012

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-0495

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-0495

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17008

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17005

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/4203-2/

Trust: 0.1

url:https://usn.ubuntu.com/4203-1/

Trust: 0.1

url:https://usn.ubuntu.com/4203-1

Trust: 0.1

url:https://usn.ubuntu.com/4203-2

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1267

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1345

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17010

Trust: 0.1

url:https://www.mozilla.org/security/known-vulnerabilities/firefoxesr.html

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13722

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17008

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17011

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17005

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17009

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13722

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:https://www.mozilla.org/en-us/firefox/68.3.0/releasenotes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17009

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17012

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/thunderbird/1:68.4.1+build1-0ubuntu0.18.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17016

Trust: 0.1

url:https://usn.ubuntu.com/4241-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17026

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/thunderbird/1:68.4.1+build1-0ubuntu0.19.10.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17024

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6814

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6798

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2019-35/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6795

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6805

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6800

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2020-07/

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2019-37/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11761

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11757

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11764

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11762

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6794

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6793

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6806

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20503

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2020-10/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11759

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6792

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6807

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6812

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11760

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11763

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/firefox/71.0+build5-0ubuntu0.18.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17014

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/firefox/71.0+build5-0ubuntu0.19.10.1

Trust: 0.1

url:https://usn.ubuntu.com/4216-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/firefox/71.0+build5-0ubuntu0.19.04.1

Trust: 0.1

sources: VULMON: CVE-2019-11745 // PACKETSTORM: 155487 // PACKETSTORM: 157044 // PACKETSTORM: 157142 // PACKETSTORM: 156299 // PACKETSTORM: 155546 // PACKETSTORM: 155989 // PACKETSTORM: 156093 // PACKETSTORM: 156721 // PACKETSTORM: 155603 // JVNDB: JVNDB-2019-013984 // NVD: CVE-2019-11745

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 157044 // PACKETSTORM: 157142 // PACKETSTORM: 156299 // PACKETSTORM: 156093

SOURCES

db:VULMONid:CVE-2019-11745
db:PACKETSTORMid:155487
db:PACKETSTORMid:157044
db:PACKETSTORMid:157142
db:PACKETSTORMid:156299
db:PACKETSTORMid:155546
db:PACKETSTORMid:155989
db:PACKETSTORMid:156093
db:PACKETSTORMid:156721
db:PACKETSTORMid:155603
db:JVNDBid:JVNDB-2019-013984
db:NVDid:CVE-2019-11745

LAST UPDATE DATE

2026-07-09T22:52:24.711000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2019-11745date:2021-02-19T00:00:00
db:JVNDBid:JVNDB-2019-013984date:2020-01-23T00:00:00
db:NVDid:CVE-2019-11745date:2024-11-21T04:21:42.373

SOURCES RELEASE DATE

db:VULMONid:CVE-2019-11745date:2020-01-08T00:00:00
db:PACKETSTORMid:155487date:2019-11-28T01:22:40
db:PACKETSTORMid:157044date:2020-04-01T15:23:37
db:PACKETSTORMid:157142date:2020-04-07T16:41:47
db:PACKETSTORMid:156299date:2020-02-11T15:56:55
db:PACKETSTORMid:155546date:2019-12-04T23:11:46
db:PACKETSTORMid:155989date:2020-01-17T16:38:14
db:PACKETSTORMid:156093date:2020-01-27T22:53:39
db:PACKETSTORMid:156721date:2020-03-14T17:08:25
db:PACKETSTORMid:155603date:2019-12-09T23:42:22
db:JVNDBid:JVNDB-2019-013984date:2020-01-23T00:00:00
db:NVDid:CVE-2019-11745date:2020-01-08T20:15:12.313