Vulnerability Name: CCN-161346

Published: 2019-05-21
Updated: 2019-05-21
Summary: Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in the png_image_free function in the libpng library. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS v3 Severity: 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Consequences: Denial of Service
References:
Source: CCN
Type: IBM Security Bulletin 966821 (Application Performance Management)
Synthetic Playback Agent 8.1.x is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 1072984 (AIX)
Multiple vulnerabilities in IBM Java SDK affect AIX

Source: CCN
Type: Oracle CPUJul2019
Oracle Critical Patch Update Advisory - July 2019

Source: XF
Type: UNKNOWN
firefox-cve20197317-dos(161346)

Source: CCN
Type: IBM Security Bulletin 887793 (VRA Vyatta 5600)
Vyatta 5600 vRouter Software Patches - Release 1801-z

Source: CCN
Type: IBM Security Bulletin 958005 (Scale Out Network Attached Storage)
Multiple Mozilla Firefox vulnerability in IBM SONAS

Source: CCN
Type: IBM Security Bulletin 1107879 (Application Diagnostics)
Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products

Source: CCN
Type: IBM Security Bulletin 1137448 (Cloud Transformation Advisor)
Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor

Source: CCN
Type: IBM Security Bulletin 1138432 (Watson Studio Local)
Multiple Vulnerabilities in libpng affects IBM Watson Studio Local

Source: CCN
Type: IBM Security Bulletin 2801073 (Netcool Agile Service Manager)
Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager

Source: CCN
Type: IBM Security Bulletin 6113410 (Application Performance Management)
Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products

Source: CCN
Type: IBM Security Bulletin 6151605 (Agile Lifecycle Manager)
Multiple vulnerabilities in IBM Java Runtime affects IBM Agile Lifecycle Manager

Source: CCN
Type: IBM Security Bulletin 6199287 (Workload Automation)
There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler.

Source: CCN
Type: IBM Security Bulletin 6323657 (Security Guardium)
Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

Source: CCN
Type: IBM Security Bulletin 6348036 (Tivoli Federated Identity Manager)
Security Vulnerabilities have been identified in IBM Java Runtime as shipped with Tivoli Federated Identity Manager

Source: CCN
Type: IBM Security Bulletin 6837345 (PureData System for Operational Analytics)
IBM SDK, Java Technology Edition Quarterly CPU - January 2019 through July 2022 affects AIX LPARs in IBM PureData System for Operational Analytics

Source: CCN
Type: IBM Security Bulletin 1072496 (Tivoli Monitoring V6)
IBM SDK, Java Technology Edition Quarterly CPU - Jul 2019 - Includes Oracle Jul 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time

Source: CCN
Type: Mozilla Foundation Security Advisory 2019-13
Security vulnerabilities fixed in Firefox 67

Source: CCN
Type: Mozilla Foundation Security Advisory 2019-14
Security vulnerabilities fixed in Firefox ESR 60.7

Vulnerable Configuration: Configuration CCN 1:
  • cpe:/a:mozilla:firefox_esr:60.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_federated_identity_manager:6.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:vios:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:scale_out_network_attached_storage:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:monitoring:8.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:application_performance_management:8.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:monitoring:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_automation:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_automation:9.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_automation:9.4:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:virtual_router_appliance_firmware:vyatta_5600:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:java:11.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:java_se:7:u221:*:*:*:*:*:*
  • OR cpe:/a:oracle:java:8:u212:*:*:*:*:*:*
  • OR cpe:/a:oracle:java_se_embedded:8:u211:*:*:*:*:*:*
  • OR cpe:/a:ibm:netcool_agile_service_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:application_performance_management:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:7.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:application_diagnostics:8.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:application_performance_management:8.1.3:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:watson_studio_local:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:agile_lifecycle_manager:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:agile_lifecycle_manager:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_automation:9.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    mozilla firefox esr 60.6
    ibm aix 7.1
    ibm tivoli federated identity manager 6.2.2
    ibm vios 2.2
    ibm scale out network attached storage 1.5
    ibm security guardium 9.0
    ibm security guardium 10.0
    ibm monitoring 8.1.3
    ibm aix 7.2
    ibm application performance management 8.1.3
    ibm monitoring 8.1.4
    ibm workload automation 9.2
    ibm workload automation 9.3
    ibm workload automation 9.4
    ibm virtual router appliance firmware vyatta_5600
    ibm security guardium 10.6
    oracle java 11.0.3
    oracle java se 7 u221
    oracle java 8 u212
    oracle java se embedded 8 u211
    ibm netcool agile service manager 1.1
    ibm application performance management 8.1.4
    ibm tivoli monitoring 7.4.0
    ibm vios 3.1
    ibm application diagnostics 8.1.3
    ibm application performance management 8.1.3
    ibm watson studio local 1.2.3
    ibm cloud transformation advisor 2.0.1
    ibm security guardium 11.0
    ibm agile lifecycle manager 2.0
    ibm agile lifecycle manager 2.0.0.1
    ibm workload automation 9.5