CVE-2019-17017

🗓️ 08 Jan 2020 21:27:36Reported by mozillaType

Due to missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72

Reporter	Title	Published	Views	Family All 184
ALT Linux	Security fix for the ALT Linux 10 package firefox-esr version 68.4.1-alt1	8 Jan 202000:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package thunderbird version 68.4.1-alt1	11 Jan 202000:00	–	altlinux
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities of Mozzila Firefox (less than Firefox 68.4 ESR) have affected Synthetic Playback Agent 8.1.4.0 - 8.1.4 IF10 + ICAM 3.0 - 4.0	6 Mar 202005:24	–	ibm
Tenable Nessus	Amazon Linux 2 : thunderbird (ALAS-2020-1393)	13 Feb 202000:00	–	nessus
Tenable Nessus	CentOS 8 : firefox (CESA-2020:0111)	1 Feb 202100:00	–	nessus
Tenable Nessus	CentOS 7 : firefox (RHSA-2020:0085)	16 Jan 202000:00	–	nessus
Tenable Nessus	CentOS 6 : firefox (RHSA-2020:0086)	15 Jan 202000:00	–	nessus
Tenable Nessus	CentOS 7 : thunderbird (RHSA-2020:0120)	21 Jan 202000:00	–	nessus
Tenable Nessus	CentOS 6 : thunderbird (RHSA-2020:0123)	21 Jan 202000:00	–	nessus
Tenable Nessus	Debian DLA-2061-1 : firefox-esr security update	10 Jan 202000:00	–	nessus

NVD

Vulners

Node

mozilla firefoxRange<72.0

mozilla firefox_esrRange<68.4

Node

canonical ubuntu_linuxMatch16.04lts

canonical ubuntu_linuxMatch18.04lts

canonical ubuntu_linuxMatch19.04

canonical ubuntu_linuxMatch19.10

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

Node

redhat enterprise_linux_desktopMatch6.0

redhat enterprise_linux_desktopMatch7.0

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_serverMatch7.0

redhat enterprise_linux_server_ausMatch7.7

redhat enterprise_linux_server_tusMatch7.7

redhat enterprise_linux_workstationMatch6.0

redhat enterprise_linux_workstationMatch7.0

[
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "affected",
        "version": "before 68.4"
      }
    ]
  },
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "affected",
        "version": "before 72"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2020:0085
seclists	www.seclists.org/bugtraq/2020/Jan/18
seclists	www.seclists.org/bugtraq/2020/Jan/26
access	www.access.redhat.com/errata/RHSA-2020:0120
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2020:0086
lists	www.lists.debian.org/debian-lts-announce/2020/01/msg00005.html
packetstormsecurity	www.packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html
lists	www.lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html
access	www.access.redhat.com/errata/RHSA-2020:0127

21 Nov 2024 04:31Current

8.2High risk

Vulners AI Score8.2

CVSS 26.8

CVSS 3.18.8

EPSS0.01768

CWE-843