CVE-2019-11713

{"id": "CVE-2019-11713", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-07-23T14:15:15.670", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html", "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html", "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html", "source": "[email protected]"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528481", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html", "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html", "source": "[email protected]"}, {"url": "https://security.gentoo.org/glsa/201908-12", "source": "[email protected]"}, {"url": "https://security.gentoo.org/glsa/201908-20", "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528481", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201908-12", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201908-20", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."}, {"lang": "es", "value": "Puede ocurrir una vulnerabilidad de uso de la memoria previamente liberada en HTTP/2 cuando una transmisi\u00f3n HTTP/2 almacenada en cach\u00e9 se cierra cuando a\u00fan est\u00e1 en uso, lo que resulta en un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox ESR anterior a versi\u00f3n 60.8, Firefox anterior a versi\u00f3n 68 y Thunderbird anterior a versi\u00f3n 60.8."}], "lastModified": "2025-11-25T17:50:16.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66A15D56-0C99-4E44-9F8D-439D50EC355F", "versionEndExcluding": "60.8.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB53FE62-B5D2-497B-A7E3-40FFE81A9653", "versionEndExcluding": "68.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BD4F2C0-0E41-48C3-8D97-8AA9016D738B", "versionEndExcluding": "60.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}