PT-2019-5018 · Mozilla+5 · Firefox Esr+7
Mirko Brodesser
·
Published
2019-12-03
·
Updated
2024-12-12
·
CVE-2019-17005
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 71
Firefox ESR versions prior to 68.3
Thunderbird versions prior to 68.3
Description
The issue is related to a serialization mechanism in the affected software, where a lack of input size validation leads to a potential buffer overflow. This could result in memory corruption and a crash, potentially allowing a remote attacker to gain unauthorized access to confidential data, cause a denial of service, or impact data integrity.
Recommendations
For Firefox versions prior to 71, update to version 71 or later.
For Firefox ESR versions prior to 68.3, update to version 68.3 or later.
For Thunderbird versions prior to 68.3, update to version 68.3 or later.
Exploit
Fix
Memory Corruption
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu