VAR-202001-1433
Vulnerability from variot - Updated: 2026-03-09 22:28
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
Background
The Mozilla Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates.
====================================================================
Red Hat Security Advisory
Synopsis: Important: nss-softokn security update
Advisory ID: RHSA-2019:4152-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:4152
Issue date: 2019-12-10
CVE Names: CVE-2019-11745
====================================================================
1. Summary:
An update for nss-softokn is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
3. Description:
The nss-softokn package provides the Network Security Services Softoken Cryptographic Module.
Security Fix(es):
- nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: nss-softokn-3.44.0-6.el6_10.src.rpm
i386: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm
x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
x86_64: nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: nss-softokn-3.44.0-6.el6_10.src.rpm
x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: nss-softokn-3.44.0-6.el6_10.src.rpm
i386: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
ppc64: nss-softokn-3.44.0-6.el6_10.ppc.rpm nss-softokn-3.44.0-6.el6_10.ppc64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.ppc.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.ppc64.rpm nss-softokn-devel-3.44.0-6.el6_10.ppc.rpm nss-softokn-devel-3.44.0-6.el6_10.ppc64.rpm nss-softokn-freebl-3.44.0-6.el6_10.ppc.rpm nss-softokn-freebl-3.44.0-6.el6_10.ppc64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.ppc.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.ppc64.rpm
s390x: nss-softokn-3.44.0-6.el6_10.s390.rpm nss-softokn-3.44.0-6.el6_10.s390x.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.s390.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.s390x.rpm nss-softokn-devel-3.44.0-6.el6_10.s390.rpm nss-softokn-devel-3.44.0-6.el6_10.s390x.rpm nss-softokn-freebl-3.44.0-6.el6_10.s390.rpm nss-softokn-freebl-3.44.0-6.el6_10.s390x.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.s390.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.s390x.rpm
x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: nss-softokn-3.44.0-6.el6_10.src.rpm
i386: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-11745
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
==========================================================================
Ubuntu Security Notice USN-4335-1
April 21, 2020
thunderbird vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Thunderbird.
Software Description: - thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6825)
It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745)
It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755)
A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903)
It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792)
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, CVE-2020-6822)
It was discovered that if a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2020-6794)
It was discovered that the Devtools’ ‘Copy as cURL’ feature did not fully escape website-controlled data. If a user were tricked into using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data into a terminal, an attacker could potentially exploit this to execute arbitrary commands via command injection. (CVE-2020-6811)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: thunderbird 1:68.7.0+build1-0ubuntu0.16.04.2
After a standard system update you need to restart Thunderbird to make all the necessary changes.
7.4) - x86_64
-
8) - aarch64, ppc64le, s390x, x86_64
-
Description:
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202003-02
https://security.gentoo.org/
Severity: Normal
Title: Mozilla Firefox: Multiple vulnerabilities
Date: March 12, 2020
Bugs: #702638, #705000, #709346, #712182
ID: 202003-02
Synopsis
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.
Background
Mozilla Firefox is a popular open-source web browser from the Mozilla Project.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/firefox < 68.6.0 >= 68.6.0
2 www-client/firefox-bin < 68.6.0 >= 68.6.0
-------------------------------------------------------------------
2 affected packages
Description
Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-68.6.0"
All Mozilla Firefox binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.6.0"
References
[ 1 ] CVE-2019-11745 https://nvd.nist.gov/vuln/detail/CVE-2019-11745
[ 2 ] CVE-2019-17005 https://nvd.nist.gov/vuln/detail/CVE-2019-17005
[ 3 ] CVE-2019-17008 https://nvd.nist.gov/vuln/detail/CVE-2019-17008
[ 4 ] CVE-2019-17010 https://nvd.nist.gov/vuln/detail/CVE-2019-17010
[ 5 ] CVE-2019-17011 https://nvd.nist.gov/vuln/detail/CVE-2019-17011
[ 6 ] CVE-2019-17012 https://nvd.nist.gov/vuln/detail/CVE-2019-17012
[ 7 ] CVE-2019-17016 https://nvd.nist.gov/vuln/detail/CVE-2019-17016
[ 8 ] CVE-2019-17017 https://nvd.nist.gov/vuln/detail/CVE-2019-17017
[ 9 ] CVE-2019-17022 https://nvd.nist.gov/vuln/detail/CVE-2019-17022
[ 10 ] CVE-2019-17024 https://nvd.nist.gov/vuln/detail/CVE-2019-17024
[ 11 ] CVE-2019-17026 https://nvd.nist.gov/vuln/detail/CVE-2019-17026
[ 12 ] CVE-2019-20503 https://nvd.nist.gov/vuln/detail/CVE-2019-20503
[ 13 ] CVE-2020-6796 https://nvd.nist.gov/vuln/detail/CVE-2020-6796
[ 14 ] CVE-2020-6797 https://nvd.nist.gov/vuln/detail/CVE-2020-6797
[ 15 ] CVE-2020-6798 https://nvd.nist.gov/vuln/detail/CVE-2020-6798
[ 16 ] CVE-2020-6799 https://nvd.nist.gov/vuln/detail/CVE-2020-6799
[ 17 ] CVE-2020-6800 https://nvd.nist.gov/vuln/detail/CVE-2020-6800
[ 18 ] CVE-2020-6805 https://nvd.nist.gov/vuln/detail/CVE-2020-6805
[ 19 ] CVE-2020-6806 https://nvd.nist.gov/vuln/detail/CVE-2020-6806
[ 20 ] CVE-2020-6807 https://nvd.nist.gov/vuln/detail/CVE-2020-6807
[ 21 ] CVE-2020-6811 https://nvd.nist.gov/vuln/detail/CVE-2020-6811
[ 22 ] CVE-2020-6812 https://nvd.nist.gov/vuln/detail/CVE-2020-6812
[ 23 ] CVE-2020-6814 https://nvd.nist.gov/vuln/detail/CVE-2020-6814
[ 24 ] MFSA-2019-37 https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/
[ 25 ] MFSA-2020-03 https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
[ 26 ] MFSA-2020-06 https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/
[ 27 ] MFSA-2020-09 https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-02
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
8.0) - ppc64le, x86_64
For the stable distribution (buster), these problems have been fixed in version 2:3.42.1-1+deb10u2.
We recommend that you upgrade your nss packages.
For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ruggedcom rox mx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "68.3.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"_id": null,
"model": "firefox",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "71.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "firefox esr",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "68.3"
},
{
"_id": null,
"model": "ruggedcom rox rx1501",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "ruggedcom rox rx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.10"
},
{
"_id": null,
"model": "ruggedcom rox rx1400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1510",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "ruggedcom rox rx1511",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "ruggedcom rox rx1512",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11745"
}
]
},
"credits": {
"_id": null,
"data": "Ubuntu,Red Hat,Craig Disselkoen,Slackware Security Team,Gentoo",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
}
],
"trust": 0.6
},
"cve": "CVE-2019-11745",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-11745",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-11745",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-11745",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1371",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-11745",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-11745"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
},
{
"db": "NVD",
"id": "CVE-2019-11745"
}
]
},
"description": {
"_id": null,
"data": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71. \n\nBackground\n==========\n\nThe Mozilla Network Security Service (NSS) is a library implementing\nsecurity features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11,\nPKCS #12, S/MIME and X.509 certificates. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: nss-softokn security update\nAdvisory ID: RHSA-2019:4152-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:4152\nIssue date: 2019-12-10\nCVE Names: CVE-2019-11745\n====================================================================\n1. Summary:\n\nAn update for nss-softokn is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\n\n3. Description:\n\nThe nss-softokn package provides the Network Security Services Softoken\nCryptographic Module. 
\n\nSecurity Fix(es):\n\n* nss: Out-of-bounds write when passing an output buffer smaller than the\nblock size to NSC_EncryptUpdate (CVE-2019-11745)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nnss-softokn-3.44.0-6.el6_10.src.rpm\n\ni386:\nnss-softokn-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm\n\nx86_64:\nnss-softokn-3.44.0-6.el6_10.i686.rpm\nnss-softokn-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm\n\nx86_64:\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nnss-softokn-3.44.0-6.el6_10.src.rpm\n\nx86_64:\nnss-softokn-3.44.0-6.el6_10.i686.rpm\nnss-softokn-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 
6):\n\nx86_64:\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nnss-softokn-3.44.0-6.el6_10.src.rpm\n\ni386:\nnss-softokn-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm\n\nppc64:\nnss-softokn-3.44.0-6.el6_10.ppc.rpm\nnss-softokn-3.44.0-6.el6_10.ppc64.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.ppc.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.ppc64.rpm\nnss-softokn-devel-3.44.0-6.el6_10.ppc.rpm\nnss-softokn-devel-3.44.0-6.el6_10.ppc64.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.ppc.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.ppc64.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.ppc.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.ppc64.rpm\n\ns390x:\nnss-softokn-3.44.0-6.el6_10.s390.rpm\nnss-softokn-3.44.0-6.el6_10.s390x.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.s390.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.s390x.rpm\nnss-softokn-devel-3.44.0-6.el6_10.s390.rpm\nnss-softokn-devel-3.44.0-6.el6_10.s390x.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.s390.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.s390x.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.s390.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.s390x.rpm\n\nx86_64:\nnss-softokn-3.44.0-6.el6_10.i686.rpm\nnss-softokn-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freeb
l-devel-3.44.0-6.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nnss-softokn-3.44.0-6.el6_10.src.rpm\n\ni386:\nnss-softokn-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm\n\nx86_64:\nnss-softokn-3.44.0-6.el6_10.i686.rpm\nnss-softokn-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-11745\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXe+MiNzjgjWX9erEAQiepQ/7BesVlTbWtK/e4tqUqQ2WADoCPilxvBo5\nlQ/zdsIXw069qAzU/GutaUM3DN7qvxSDCtxOTeQy605jkHYnV1HPjIXxYkug6ETV\natrTxcph7BwV5w3sS4D+/N7FvYaGfluSQL65lihS3VNvtiA3excFw3hyaPeI/miM\nN7+ZHE+kD3vFL2DL6gOMTa/FGfa2w55ka0ODEpL9xCm+vBwVEyNAYVZqzfDQdWwz\n5gWlJd7NEJq1qqrNlMuwOrn3YYd2R9VPcrYEvoNRW/Dcf5BNstDmadIPAVcsG1rT\nMe5PeII3MRIHLEkgYGFNmrxcctWSdC1VIuMsSUdC1lKnqZSpHMq4JjaNfjh3TAtg\n2Avl2Jyhm1N56h6OsQo/UX2A7vRdGfgmVlv5jkFBYvjdilLmFQRCzouyJMAXmbZu\npUAqowHA9cN3RUYU7so7cU/4AKI3nlsHpH1o1ExICEUclsKn2rnxJquGMxhsVxEv\nrnv9JKH4IuGKBxt0KTUZRLYsSdHdbrAhlHvanLCi9px7KvqTNIMpblijHLe/1OqD\n9mVJjZpCAIJ3et+qPKzfdnjd76UqWbndQlgAwlVN07XODHBLSZkh0iY1nT1Az/WN\n+wo3O48nWAzPvg2H5jy/+zq7mLI16W0t2mG8rUXHR2Don93Efomtbs7sFDxiiMOP\nIowc4iq7Yac=lxBi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-4335-1\nApril 21, 2020\n\nthunderbird vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Thunderbird. \n\nSoftware Description:\n- thunderbird: Mozilla Open Source mail and newsgroup client\n\nDetails:\n\nMultiple security issues were discovered in Thunderbird. If a user were\ntricked in to opening a specially crafted website in a browsing context,\nan attacker could potentially exploit these to cause a denial of service,\nobtain sensitive information, bypass security restrictions, bypass\nsame-origin restrictions, conduct cross-site scripting (XSS) attacks, or\nexecute arbitrary code. 
(CVE-2019-11757, CVE-2019-11758, CVE-2019-11759,\nCVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,\nCVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010,\nCVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017,\nCVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503,\nCVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807,\nCVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821,\nCVE-2020-6825)\n\nIt was discovered that NSS incorrectly handled certain memory operations. \nA remote attacker could potentially exploit this to cause a denial of\nservice, or execute arbitrary code. (CVE-2019-11745)\n\nIt was discovered that a specially crafted S/MIME message with an inner\nencryption layer could be displayed as having a valid signature in some\ncircumstances, even if the signer had no access to the encrypted message. \nAn attacker could potentially exploit this to spoof the message author. \n(CVE-2019-11755)\n\nA heap overflow was discovered in the expat library in Thunderbird. If a\nuser were tricked in to opening a specially crafted message, an attacker\ncould potentially exploit this to cause a denial of service, or execute\narbitrary code. (CVE-2019-15903)\n\nIt was discovered that Message ID calculation was based on uninitialized\ndata. An attacker could potentially exploit this to obtain sensitive\ninformation. (CVE-2020-6792)\n\nMutiple security issues were discovered in Thunderbird. If a user were\ntricked in to opening a specially crafted message, an attacker could\npotentially exploit these to cause a denial of service, obtain sensitive\ninformation, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795,\nCVE-2020-6822)\n\nIt was discovered that if a user saved passwords before Thunderbird 60 and\nthen later set a master password, an unencrypted copy of these passwords\nwould still be accessible. A local user could exploit this to obtain\nsensitive information. 
(CVE-2020-6794)\n\nIt was discovered that the Devtools\u2019 \u2018Copy as cURL\u2019 feature did not\nfully escape website-controlled data. If a user were tricked in to using\nthe \u2018Copy as cURL\u2019 feature to copy and paste a command with specially\ncrafted data in to a terminal, an attacker could potentially exploit this\nto execute arbitrary commands via command injection. (CVE-2020-6811)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n thunderbird 1:68.7.0+build1-0ubuntu0.16.04.2\n\nAfter a standard system update you need to restart Thunderbird to make\nall the necessary changes. 7.4) - x86_64\n\n3. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202003-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Mozilla Firefox: Multiple vulnerabilities\n Date: March 12, 2020\n Bugs: #702638, #705000, #709346, #712182\n ID: 202003-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mozilla Firefox, the worst\nof which may allow execution of arbitrary code. \n\nBackground\n==========\n\nMozilla Firefox is a popular open-source web browser from the Mozilla\nProject. 
\n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/firefox \u003c 68.6.0 \u003e= 68.6.0\n 2 www-client/firefox-bin \u003c 68.6.0 \u003e= 68.6.0\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Firefox users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-68.6.0\"\n\nAll Mozilla Firefox binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-68.6.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-11745\n https://nvd.nist.gov/vuln/detail/CVE-2019-11745\n[ 2 ] CVE-2019-17005\n https://nvd.nist.gov/vuln/detail/CVE-2019-17005\n[ 3 ] CVE-2019-17008\n https://nvd.nist.gov/vuln/detail/CVE-2019-17008\n[ 4 ] CVE-2019-17010\n https://nvd.nist.gov/vuln/detail/CVE-2019-17010\n[ 5 ] CVE-2019-17011\n https://nvd.nist.gov/vuln/detail/CVE-2019-17011\n[ 6 ] CVE-2019-17012\n https://nvd.nist.gov/vuln/detail/CVE-2019-17012\n[ 7 ] CVE-2019-17016\n https://nvd.nist.gov/vuln/detail/CVE-2019-17016\n[ 8 ] CVE-2019-17017\n https://nvd.nist.gov/vuln/detail/CVE-2019-17017\n[ 9 ] CVE-2019-17022\n https://nvd.nist.gov/vuln/detail/CVE-2019-17022\n[ 10 ] CVE-2019-17024\n https://nvd.nist.gov/vuln/detail/CVE-2019-17024\n[ 11 ] CVE-2019-17026\n https://nvd.nist.gov/vuln/detail/CVE-2019-17026\n[ 12 ] CVE-2019-20503\n https://nvd.nist.gov/vuln/detail/CVE-2019-20503\n[ 13 ] CVE-2020-6796\n https://nvd.nist.gov/vuln/detail/CVE-2020-6796\n[ 14 ] 
CVE-2020-6797\n https://nvd.nist.gov/vuln/detail/CVE-2020-6797\n[ 15 ] CVE-2020-6798\n https://nvd.nist.gov/vuln/detail/CVE-2020-6798\n[ 16 ] CVE-2020-6799\n https://nvd.nist.gov/vuln/detail/CVE-2020-6799\n[ 17 ] CVE-2020-6800\n https://nvd.nist.gov/vuln/detail/CVE-2020-6800\n[ 18 ] CVE-2020-6805\n https://nvd.nist.gov/vuln/detail/CVE-2020-6805\n[ 19 ] CVE-2020-6806\n https://nvd.nist.gov/vuln/detail/CVE-2020-6806\n[ 20 ] CVE-2020-6807\n https://nvd.nist.gov/vuln/detail/CVE-2020-6807\n[ 21 ] CVE-2020-6811\n https://nvd.nist.gov/vuln/detail/CVE-2020-6811\n[ 22 ] CVE-2020-6812\n https://nvd.nist.gov/vuln/detail/CVE-2020-6812\n[ 23 ] CVE-2020-6814\n https://nvd.nist.gov/vuln/detail/CVE-2020-6814\n[ 24 ] MFSA-2019-37\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/\n[ 25 ] MFSA-2020-03\n https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/\n[ 26 ] MFSA-2020-06\n https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/\n[ 27 ] MFSA-2020-09\n https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. 8.0) - ppc64le, x86_64\n\n3. \n \nFor the stable distribution (buster), these problems have been fixed in\nversion 2:3.42.1-1+deb10u2. \n\nWe recommend that you upgrade your nss packages. 
\n\nFor the detailed security status of nss please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nss\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11745"
},
{
"db": "VULMON",
"id": "CVE-2019-11745"
},
{
"db": "PACKETSTORM",
"id": "157044"
},
{
"db": "PACKETSTORM",
"id": "156770"
},
{
"db": "PACKETSTORM",
"id": "155609"
},
{
"db": "PACKETSTORM",
"id": "157345"
},
{
"db": "PACKETSTORM",
"id": "157142"
},
{
"db": "PACKETSTORM",
"id": "155589"
},
{
"db": "PACKETSTORM",
"id": "156704"
},
{
"db": "PACKETSTORM",
"id": "156093"
},
{
"db": "PACKETSTORM",
"id": "155601"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-11745",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-040-04",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-379803",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "156770",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157345",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157142",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155589",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156704",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156093",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4739",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4555",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0001",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4083",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1339",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0483",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4449",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4723",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0307",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4579",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4507",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4775",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1173",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3355",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4674",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4610",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1387",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1242",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0491",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0136",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0194",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4594",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156721",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157226",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155487",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155989",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155622",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155546",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47047",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1371",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-11745",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157044",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155609",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155601",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-11745"
},
{
"db": "PACKETSTORM",
"id": "157044"
},
{
"db": "PACKETSTORM",
"id": "156770"
},
{
"db": "PACKETSTORM",
"id": "155609"
},
{
"db": "PACKETSTORM",
"id": "157345"
},
{
"db": "PACKETSTORM",
"id": "157142"
},
{
"db": "PACKETSTORM",
"id": "155589"
},
{
"db": "PACKETSTORM",
"id": "156704"
},
{
"db": "PACKETSTORM",
"id": "156093"
},
{
"db": "PACKETSTORM",
"id": "155601"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
},
{
"db": "NVD",
"id": "CVE-2019-11745"
}
]
},
"id": "VAR-202001-1433",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.52540106
},
"last_update_date": "2026-03-09T22:28:09.316000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Multiple Mozilla Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106677"
},
{
"title": "Red Hat: Important: nss security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200243 - Security Advisory"
},
{
"title": "Red Hat: Important: nss-softokn security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201461 - Security Advisory"
},
{
"title": "Red Hat: Important: nss security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194114 - Security Advisory"
},
{
"title": "Red Hat: Important: nss-softokn security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200466 - Security Advisory"
},
{
"title": "Red Hat: Important: nss-softokn security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194152 - Security Advisory"
},
{
"title": "Red Hat: Important: nss, nss-softokn, nss-util security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194190 - Security Advisory"
},
{
"title": "Red Hat: Important: nss-softokn security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201345 - Security Advisory"
},
{
"title": "Red Hat: Important: nss-softokn security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201267 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4203-2"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4203-1"
},
{
"title": "Debian Security Advisories: DSA-4579-1 nss -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0af759a984821af0886871e7a26a298e"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-11745 log"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1379",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1379"
},
{
"title": "IBM: Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=74fd642ff4a4659039a762a5a0a24106"
},
{
"title": "Amazon Linux 2: ALAS2-2023-1942",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-1942"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1384",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1384"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1355",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1355"
},
{
"title": "Ubuntu Security Notice: firefox vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4216-1"
},
{
"title": "Arch Linux Advisories: [ASA-201912-2] thunderbird: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201912-2"
},
{
"title": "Ubuntu Security Notice: firefox vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4216-2"
},
{
"title": "Ubuntu Security Notice: thunderbird vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4241-1"
},
{
"title": "Mozilla: Security Vulnerabilities fixed in - Firefox ESR 68.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=940e53f5eecee1395e2713b0ed07506b"
},
{
"title": "Mozilla: Security Vulnerabilities fixed in - Thunderbird 68.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=dffa374fab03b4f5b5596346629ccc8c"
},
{
"title": "Arch Linux Advisories: [ASA-201912-1] firefox: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201912-1"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=409c1cd1b8ef401020956950fd839000"
},
{
"title": "Mozilla: Security Vulnerabilities fixed in - Firefox 71",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=a8e439d387c58595bbdb24cc3bdadd40"
},
{
"title": "Ubuntu Security Notice: thunderbird vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4335-1"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-11745"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11745"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2020:0243"
},
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/4241-1/"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2020:0466"
},
{
"trust": 2.3,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202003-02"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202003-37"
},
{
"trust": 1.7,
"url": "https://www.mozilla.org/security/advisories/mfsa2019-38/"
},
{
"trust": 1.7,
"url": "https://www.mozilla.org/security/advisories/mfsa2019-37/"
},
{
"trust": 1.7,
"url": "https://www.mozilla.org/security/advisories/mfsa2019-36/"
},
{
"trust": 1.7,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202003-10"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4335-1/"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11745"
},
{
"trust": 0.7,
"url": "https://usn.ubuntu.com/4203-2/"
},
{
"trust": 0.7,
"url": "https://usn.ubuntu.com/4203-1/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/errata/rhsa-2019:4152"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/4216-2/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2019:4117"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193347-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193395-1.html"
},
{
"trust": 0.6,
"url": "https://www.debian.org/security/2019/dsa-4579"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193339-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914260-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200088-1.html"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00026.html"
},
{
"trust": 0.6,
"url": "https://www.debian.org/lts/security/2019/dla-2020"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2019:4190"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155589/red-hat-security-advisory-2019-4114-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4449/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-cve-2019-11729-cve-2019-11745/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155622/red-hat-security-advisory-2019-4190-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155546/slackware-security-advisory-mozilla-firefox-updates.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0136/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155487/ubuntu-security-notice-usn-4203-2.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-nss-softokn-nss-util-vulnerability-cve-2019-11729-and-cve-2019-11745/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0483/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156770/gentoo-linux-security-advisory-202003-37.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0194/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-network-security-services-nss-vulnerabilities-cve-2019-11729-and-cve-2019-11745/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3355/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157226/red-hat-security-advisory-2020-1461-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155989/ubuntu-security-notice-usn-4241-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4083"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156093/red-hat-security-advisory-2020-0243-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520674"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4739/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/mozilla-nss-buffer-overflow-via-nsc-encryptupdate-30971"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4507/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1339/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157345/ubuntu-security-notice-usn-4335-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4579/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0307/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157142/red-hat-security-advisory-2020-1345-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4775/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4555/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4610/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4723/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156704/gentoo-linux-security-advisory-202003-02.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4674/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0001/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-11745/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4594/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156721/gentoo-linux-security-advisory-202003-10.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-manager-virtual-appliance-is-affected-by-multiple-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0491"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1173/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1242/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1387/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47047"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-11745"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0495"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-0495"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17008"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6814"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17026"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17022"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6805"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6800"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17016"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17024"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17011"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6811"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6812"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17005"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17012"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11696"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11695"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18508"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11698"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4335-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6821"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11764"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6822"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/1:68.7.0+build1-0ubuntu0.16.04.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6794"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11755"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11759"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11760"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11763"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1345"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2019:4114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6799"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2020-09/"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2020-03/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17017"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2020-06/"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2019-37/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6807"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nss"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17007"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-11745"
},
{
"db": "PACKETSTORM",
"id": "157044"
},
{
"db": "PACKETSTORM",
"id": "156770"
},
{
"db": "PACKETSTORM",
"id": "155609"
},
{
"db": "PACKETSTORM",
"id": "157345"
},
{
"db": "PACKETSTORM",
"id": "157142"
},
{
"db": "PACKETSTORM",
"id": "155589"
},
{
"db": "PACKETSTORM",
"id": "156704"
},
{
"db": "PACKETSTORM",
"id": "156093"
},
{
"db": "PACKETSTORM",
"id": "155601"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
},
{
"db": "NVD",
"id": "CVE-2019-11745"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2019-11745",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157044",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156770",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155609",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157345",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157142",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155589",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156704",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156093",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155601",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1371",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-11745",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-01-08T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11745",
"ident": null
},
{
"date": "2020-04-01T15:23:37",
"db": "PACKETSTORM",
"id": "157044",
"ident": null
},
{
"date": "2020-03-16T22:35:27",
"db": "PACKETSTORM",
"id": "156770",
"ident": null
},
{
"date": "2019-12-10T15:49:04",
"db": "PACKETSTORM",
"id": "155609",
"ident": null
},
{
"date": "2020-04-22T15:10:10",
"db": "PACKETSTORM",
"id": "157345",
"ident": null
},
{
"date": "2020-04-07T16:41:47",
"db": "PACKETSTORM",
"id": "157142",
"ident": null
},
{
"date": "2019-12-09T15:52:48",
"db": "PACKETSTORM",
"id": "155589",
"ident": null
},
{
"date": "2020-03-12T20:16:23",
"db": "PACKETSTORM",
"id": "156704",
"ident": null
},
{
"date": "2020-01-27T22:53:39",
"db": "PACKETSTORM",
"id": "156093",
"ident": null
},
{
"date": "2019-12-09T22:22:22",
"db": "PACKETSTORM",
"id": "155601",
"ident": null
},
{
"date": "2019-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1371",
"ident": null
},
{
"date": "2020-01-08T20:15:12.313000",
"db": "NVD",
"id": "CVE-2019-11745",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-02-19T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11745",
"ident": null
},
{
"date": "2021-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1371",
"ident": null
},
{
"date": "2024-11-21T04:21:42.373000",
"db": "NVD",
"id": "CVE-2019-11745",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Mozilla Firefox Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.