CVE-2019-11692

{"id": "CVE-2019-11692", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-07-23T14:15:13.983", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544670", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2019-14/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2019-15/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544670", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2019-14/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2019-15/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."}, {"lang": "es", "value": "Se puede producir una vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n cuando los escuchas se eliminan del administrador de escuchas de eventos mientras a\u00fan est\u00e1n en uso, lo que resulta en un fallo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird anterior a 60.7, Firefox anterior a 67 y Firefox ESR anterior a 60.7"}], "lastModified": "2025-11-25T17:50:16.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAA97805-B287-4754-A467-594E9B1CC126", "versionEndExcluding": "60.7.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83DEE955-3E09-489F-BE40-2FD33EACF436", "versionEndExcluding": "67.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36C08191-FCDD-423D-997E-50E5ABEC0CDA", "versionEndExcluding": "60.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}