CVE-2019-11713: Use After Free

Q: What is CVE-2019-11713?

CVE-2019-11713 is a use-after-free vulnerability in HTTP/2 that can result in a potentially exploitable crash.

Q: Which software products are affected by CVE-2019-11713?

CVE-2019-11713 affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Q: How severe is CVE-2019-11713?

CVE-2019-11713 has a severity rating of 9.8 (Critical).

Q: How can I fix CVE-2019-11713?

To fix CVE-2019-11713, you should update Firefox ESR to version 60.8 or later, update Firefox to version 68 or later, and update Thunderbird to version 60.8 or later.

Q: Where can I find more information about CVE-2019-11713?

You can find more information about CVE-2019-11713 on the Mozilla Bugzilla and Mozilla Security Advisories websites.

Published Jul 9, 2019

Updated

A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash.

Affected Software

8 affected componentsFixes available

Mozilla Thunderbird<68

Mozilla Thunderbird<60.8

60.8

Mozilla Firefox<68.0

Mozilla Firefox ESR<60.8.0

Mozilla Thunderbird<60.8.0

Mozilla Firefox<68

Mozilla Firefox ESR<60.8

60.8

Mozilla Firefox<60.8.0

Event History

Jul 9, 2019

CVE Published

via Mozilla·12:00 AM

Jul 23, 2019

CVE Published

via MITRE·01:18 PM

Data Sourced

via MITRE·01:18 PM

DescriptionWeakness

Data Sourced

via NVD·02:15 PM

DescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2019-11713?

CVE-2019-11713 is a use-after-free vulnerability in HTTP/2 that can result in a potentially exploitable crash.

Which software products are affected by CVE-2019-11713?

CVE-2019-11713 affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

How severe is CVE-2019-11713?