{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T00:02:50.223","vulnerabilities":[{"cve":{"id":"CVE-2019-11691","sourceIdentifier":"security@mozilla.org","published":"2019-07-23T14:15:13.903","lastModified":"2024-11-21T04:21:36.167","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."},{"lang":"es","value":"Puede ocurrir una vulnerabilidad de uso después de liberarse cuando se trabaja con XMLHttpRequest (XHR) en un bucle de eventos, lo que hace que se llame al subproceso principal de XHR después de que se haya liberado. Esto da lugar a una caída potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird inferior a 60.7, Firefox inferior a 67 y Firefox ESR inferior a 60.7 .."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"67.0","matchCriteriaId":"83DEE955-3E09-489F-BE40-2FD33EACF436"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","versionEndExcluding":"60.7","matchCriteriaId":"0AE86A15-DB39-4AA7-992B-FEBC77C52CF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"60.7","matchCriteriaId":"FD578CD5-6B23-4339-BE6F-4FC336F890B2"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1542465","source":"security@mozilla.org","tags":["Issue Tracking","Permissions Required","Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2019-13/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2019-14/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2019-15/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1542465","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Permissions Required","Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2019-13/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2019-14/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2019-15/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}