PT-2019-4869 · Mozilla+5 · Firefox+5

Bob Clary +2 · Published 2019-12-03 · Updated 2024-12-12 · CVE-2019-17024

CVSS v2.0: 9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 72
Firefox ESR versions prior to 68.4

Description

The issue is a memory safety bug that a remote attacker can exploit to access confidential data, compromise data integrity, and cause a denial of service. The bug involves a buffer copy performed without checking the size of the input. Some of these bugs showed evidence of memory corruption, and it is presumed that with sufficient effort they could have been exploited to run arbitrary code.

Recommendations

For Firefox versions prior to 72, update to version 72 or later to resolve the issue.
For Firefox ESR versions prior to 68.4, update to version 68.4 or later to resolve the issue.

Exploit

Fix

Memory Corruption

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2020-1013
ALT-PU-2020-1032
ALT-PU-2020-1110
ALT-PU-2020-1166
ALT-PU-2020-1515
ALT-PU-2020-1617
ALT-PU-2020-2408
ALT-PU-2020-2933
ALT-PU-2021-1368
BDU:2020-01456
CESA-2020_0085
CESA-2020_0086
CESA-2020_0111
CESA-2020_0120
CESA-2020_0123
CESA-2020_0127
CVE-2019-17024
DLA-2061-1
DLA-2071-1
DSA-4600-1
DSA-4603-1
MGASA-2020-0027
MGASA-2020-0034
OPENSUSE-SU-2020:0060-1
OPENSUSE-SU-2020:0094-1
OPENSUSE-SU-2020_0060-1
OPENSUSE-SU-2020_0094-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2020:0085
RHSA-2020:0086
RHSA-2020:0111
RHSA-2020:0120
RHSA-2020:0123
RHSA-2020:0127
RHSA-2020:0292
RHSA-2020:0295
RHSA-2020_0085
RHSA-2020_0086
RHSA-2020_0111
RHSA-2020_0120
RHSA-2020_0123
RHSA-2020_0127
SUSE-SU-2020:0068-1
SUSE-SU-2020:0078-1
SUSE-SU-2020:0142-1
SUSE-SU-2020:14268-1
USN-4234-1
USN-4234-2
USN-4241-1
USN-4335-1

Affected Products

Alt Linux
CentOS
Firefox
Red Hat
SUSE
Ubuntu