PT-2020-6712 · Mozilla+3 · Firefox+4

Thomas Imbert

Published

2020-01-07

Updated

2024-06-15

CVE-2019-17015

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 68.4 Firefox versions prior to 72

Description The issue is related to a memory corruption problem that can occur during the initialization of a new content process, potentially leading to a crash in the parent process. This problem is specific to Windows and does not affect other operating systems. The vulnerability is also described as a buffer overflow issue that could allow a remote attacker to execute arbitrary code.

Recommendations For Firefox ESR versions prior to 68.4, update to version 68.4 or later. For Firefox versions prior to 72, update to version 72 or later.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2020-1013

ALT-PU-2020-1032

ALT-PU-2020-1110

ALT-PU-2020-1166

ALT-PU-2020-1515

ALT-PU-2020-1617

BDU:2022-05733

CVE-2019-17015

OPENSUSE-SU-2020:0060-1

OPENSUSE-SU-2020:0094-1

OPENSUSE-SU-2020_0060-1

OPENSUSE-SU-2020_0094-1

OPENSUSE-SU-2024:10601-1

SUSE-SU-2020:0068-1

SUSE-SU-2020:0078-1

SUSE-SU-2020:0142-1

SUSE-SU-2020:14268-1

Affected Products

Alt Linux

Firefox

Firefox Esr

Suse

Windows

PT-2020-6712 · Mozilla+3 · Firefox+4

CVE-2019-17015

Weakness Enumeration

Related Identifiers

Affected Products

References · 439