PT-2019-5227 · Mozilla+6 · Firefox+6

Published: 2019-12-03 · Updated: 2024-12-12 · CVE-2019-17023

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 72

Description
The issue is related to an error in the HelloRetryRequest extension, where a client can negotiate a protocol lower than TLS 1.3. This can lead to an invalid state transition in the TLS State Machine. If the client enters this state, incoming Application Data records will be ignored. A remote attacker can exploit this issue to impact data integrity.

Recommendations
For Firefox versions prior to 72, update to version 72 or later to resolve the issue.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1109
ALT-PU-2020-1110
ALT-PU-2020-1616
ALT-PU-2020-1617
ALT-PU-2020-2408
ALT-PU-2020-2933
ALT-PU-2021-1368
BDU:2020-01970
CESA-2020_3280
CESA-2020_4076
CVE-2019-17023
DSA-4726-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
RHSA-2020:3280
RHSA-2020:4076
RHSA-2020_3280
RHSA-2020_4076
RLSA-2020:3280
USN-4234-1
USN-4234-2
USN-4397-1

Affected Products

Alt Linux
CentOS
Firefox
Linux Mint
Red Hat
Rocky Linux
Ubuntu