Bug 1149287 (CVE-2019-11734)

Summary: VUL-0: CVE-2019-11734: MozillaFirefox: Memory safety bugs fixed in Firefox 69
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexander Bergmann <abergmann>
Component: Incidents
Assignee: Charles Robertson <cgrobertson>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Enhancement
Priority: P3 - Medium
CC: abergmann, smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/241697/
Whiteboard: CVSSv2:NVD:CVE-2019-11734:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on: 1149324
Bug Blocks:

Description Alexander Bergmann 2019-09-04 06:48:24 UTC
CVE-2019-11734: Memory safety bugs fixed in Firefox 69

Reporter   Mozilla developers and community
Impact     high

Description
Mozilla developers and community members Randell Jesup, Philipp, Cosmin Sabou, and Natalia Csoregi reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code.

References:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11734
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1352875%2C1536227%2C1557208%2C1560641
https://bugzilla.redhat.com/show_bug.cgi?id=1748676
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11734

Comment 1 Alexander Bergmann 2019-11-20 07:28:29 UTC
This issue is fixed in Firefox 69.

openSUSE uses different versions:

openSUSE:Leap:15.0 60.0esr
openSUSE:Leap:15.1 60.6.2esr
openSUSE:Leap:15.2 68.2.0esr
openSUSE:Factory   70.0.1

SLE is also using only ESR versions and not Firefox 69.

Closing bug as invalid.