PT-2019-5227 · Mozilla+6 · Firefox+6

Published

2019-12-03

Updated

2024-12-12

CVE-2019-17023

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 72

Description The issue is related to an error in the HelloRetryRequest extension, where a client can negotiate a protocol lower than TLS 1.3. This can lead to an invalid state transition in the TLS State Machine. If the client enters this state, incoming Application Data records will be ignored. A remote attacker can exploit this issue to impact data integrity.

Recommendations For Firefox versions prior to 72, update to version 72 or later to resolve the issue.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

ALT-PU-2020-1109

ALT-PU-2020-1110

ALT-PU-2020-1616

ALT-PU-2020-1617

ALT-PU-2020-2408

ALT-PU-2020-2933

ALT-PU-2021-1368

BDU:2020-01970

CESA-2020_3280

CESA-2020_4076

CVE-2019-17023

DSA-4726-1

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

RHSA-2020:3280

RHSA-2020:4076

RHSA-2020_3280

RHSA-2020_4076

RLSA-2020:3280

USN-4234-1

USN-4234-2

USN-4397-1

Affected Products

Alt Linux

Centos

Firefox

Linuxmint

Red Hat

Rocky Linux

Ubuntu

PT-2019-5227 · Mozilla+6 · Firefox+6

CVE-2019-17023

Weakness Enumeration

Related Identifiers

Affected Products

References · 1923