CVE-2019-11713: Security Advisory and Response

Learn about CVE-2019-11713, a use-after-free vulnerability in HTTP/2 affecting Firefox ESR, Firefox, and Thunderbird versions. Find out how to mitigate and prevent this security issue.

Understanding CVE-2019-11713

A vulnerability impacting Mozilla products due to a use-after-free issue in HTTP/2.

What is CVE-2019-11713?

This CVE involves a use-after-free vulnerability in HTTP/2, potentially leading to a crash if a cached HTTP/2 stream is closed while still in use. It affects Firefox ESR versions prior to 60.8, Firefox versions prior to 68, and Thunderbird versions prior to 60.8.

The Impact of CVE-2019-11713

The vulnerability results in a potentially exploitable crash in affected versions of Firefox ESR, Firefox, and Thunderbird.

Technical Details of CVE-2019-11713

Details about the vulnerability and its implications.

Vulnerability Description

A use-after-free can occur in HTTP/2 when a cached stream is closed while it is still in use, potentially leading to a crash.

Affected Systems and Versions

        Firefox ESR versions prior to 60.8
        Firefox versions prior to 68
        Thunderbird versions prior to 60.8

Exploitation Mechanism

The vulnerability can be exploited by manipulating HTTP/2 streams, causing a crash in the affected products.

Mitigation and Prevention

Ways to address and prevent the CVE-2019-11713 vulnerability.

Immediate Steps to Take

        Update Firefox ESR, Firefox, and Thunderbird to versions 60.8, 68, and 60.8 or later, respectively.
        Monitor for any unusual activities on HTTP/2 streams.
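
To find hosts that still need the update, the check below compares collected version banners against the fixed versions listed in this advisory. It is an added example, not code from Mozilla or from this advisory; the banner format ("Mozilla Firefox 60.7.2esr", "Thunderbird 60.7.2"), the hostnames, and the choice to treat a beta of the fixed version as affected are assumptions.

```python
import re

# Fixed versions as listed in the advisory above.
FIXED = {"firefox-esr": (60, 8), "firefox": (68,), "thunderbird": (60, 8)}
# Assumed banner shape: "<Product> <version>[esr|aN|bN]".
_BANNER = re.compile(
    r"\b(firefox|thunderbird)\s+(\d+(?:\.\d+)*)(esr|[ab]\d+)?", re.IGNORECASE
)

def parse(banner):
    """Return (product, version_tuple, is_prerelease), or None if unrecognised."""
    m = _BANNER.search(banner)
    if not m:
        return None
    product = m.group(1).lower()
    suffix = (m.group(3) or "").lower()
    if product == "firefox" and suffix == "esr":
        product = "firefox-esr"
    version = tuple(int(part) for part in m.group(2).split("."))
    return product, version, suffix[:1] in ("a", "b")

def is_affected(banner):
    """True if older than the fixed version, False if not, None if unparsed."""
    parsed = parse(banner)
    if parsed is None:
        return None
    product, version, prerelease = parsed
    fixed = FIXED[product]
    width = max(len(version), len(fixed))
    v = version + (0,) * (width - len(version))  # so 68 == 68.0 == 68.0.0
    f = fixed + (0,) * (width - len(fixed))
    # Assumption: a pre-release of the fixed version (68.0b5) counts as prior to it.
    return prerelease if v == f else v < f

# Constructed inventory: hostnames and banners are made up for this example.
INVENTORY = [
    ("ws-01", "Mozilla Firefox 67.0.4"),
    ("ws-02", "Mozilla Firefox 68.0"),
    ("ws-03", "Mozilla Firefox 60.7.2esr"),
    ("ws-04", "Mozilla Firefox 60.8.0esr"),
    ("ws-05", "Thunderbird 60.7.2"),
    ("ws-06", "Mozilla Firefox 68.0b5"),
    ("ws-07", "unknown build"),
]

def needs_action(inventory):
    """Hosts that are affected or whose version could not be determined."""
    return [host for host, banner in inventory if is_affected(banner) is not False]
```

Hosts whose banner cannot be parsed are reported alongside affected ones so that they are checked by hand rather than silently assumed to be patched.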

Long-Term Security Practices

        Regularly update Mozilla products to the latest versions.
        Implement network monitoring for HTTP/2 traffic to detect anomalies.

Patching and Updates

        Apply security patches provided by Mozilla promptly to address the vulnerability.
