Main Vulnerability Database Vulnerabilities #VU20823

Use-after-free in Mozilla Firefox - CVE-2019-11752

Published: September 3, 2019

Vulnerability identifier: #VU20823

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-11752

CWE-ID: CWE-416

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when extracting a key value in IndexedDB. A remote attacker can create specially crafted webpage, trick the victim into visiting it, trigger a user-after-free error by deleting the IndexedDB key value and subsequently make the application try to extract it during conversion.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

How to mitigate CVE-2019-11752

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/

Use-after-free in Mozilla Firefox - CVE-2019-11752

Detailed vulnerability description

How to mitigate CVE-2019-11752

Sources

Please verify you're human