PT-2019-4079 · Mozilla+5 · Firefox+6

Jonas Allmann · Published 2019-07-09 · Updated 2024-12-12 · CVE-2019-11729

CVSS v2.0: 7.8 High (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Name of the Vulnerable Software and Affected Versions

Firefox ESR versions prior to 60.8
Firefox versions prior to 68
Thunderbird versions prior to 60.8

Description

The issue is related to the handling of p256-ECDH public keys, where empty or malformed keys may cause a segmentation fault due to improper sanitization before being used in memory. This can potentially allow a remote attacker to cause a denial of service.

Recommendations

For Firefox ESR versions prior to 60.8, update to version 60.8 or later.
For Firefox versions prior to 68, update to version 68 or later.
For Thunderbird versions prior to 60.8, update to version 60.8 or later.

Related Identifiers

ALT-PU-2019-2231
ALT-PU-2019-2233
ALT-PU-2019-2249
ALT-PU-2019-2259
ALT-PU-2019-2301
ALT-PU-2019-2324
ALT-PU-2019-2479
ALT-PU-2019-2486
ALT-PU-2020-1166
ALT-PU-2020-1515
BDU:2019-04642
CESA-2019_1951
CESA-2019_4190
CVE-2019-11729
DLA-1857-1
DLA-2388-1
DSA-4479-1
DSA-4482-1
MGASA-2019-0211
MGASA-2019-0212
MGASA-2019-0213
MGASA-2019-0272
OPENSUSE-SU-2019:1782-1
OPENSUSE-SU-2019:1811-1
OPENSUSE-SU-2019:1813-1
OPENSUSE-SU-2019:1990-1
OPENSUSE-SU-2019:2248-1
OPENSUSE-SU-2019:2249-1
OPENSUSE-SU-2019_1782-1
OPENSUSE-SU-2019_1811-1
OPENSUSE-SU-2019_1813-1
OPENSUSE-SU-2019_2248-1
OPENSUSE-SU-2019_2249-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:11058-1
OPENSUSE-SU-2024:14572-1
RHSA-2019:1951
RHSA-2019:4190
RHSA-2019_1951
RHSA-2019_4190
SUSE-SU-2019:14124-1
SUSE-SU-2019:14246-1
SUSE-SU-2019:1861-1
SUSE-SU-2019:1861-2
SUSE-SU-2019:1861-3
SUSE-SU-2019:1869-1
SUSE-SU-2019:1960-1
SUSE-SU-2019:2515-1
SUSE-SU-2019:2620-1
SUSE-SU-2019_14124-1
SUSE-SU-2019_14246-1
USN-4054-1
USN-4054-2
USN-4060-1
USN-4060-2
USN-4064-1

Affected Products

Alt Linux
CentOS
Firefox
Red Hat
SUSE
Thunderbird
Ubuntu