CVE-2019-17024

🗓️ 08 Jan 2020 21:31:03Reported by mozillaType

Mozilla Firefox ESR and Firefox prior to 68.4 and 72 are prone to memory corruption leading to arbitrary code execution

Reporter	Title	Published	Views	Family All 174
ALT Linux	Security fix for the ALT Linux 10 package firefox-esr version 68.4.1-alt1	8 Jan 202000:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package thunderbird version 68.4.1-alt1	11 Jan 202000:00	–	altlinux
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities of Mozzila Firefox (less than Firefox 68.4 ESR) have affected Synthetic Playback Agent 8.1.4.0 - 8.1.4 IF10 + ICAM 3.0 - 4.0	6 Mar 202005:24	–	ibm
Tenable Nessus	Amazon Linux 2 : thunderbird (ALAS-2020-1393)	13 Feb 202000:00	–	nessus
Tenable Nessus	CentOS 8 : firefox (CESA-2020:0111)	1 Feb 202100:00	–	nessus
Tenable Nessus	CentOS 7 : firefox (RHSA-2020:0085)	16 Jan 202000:00	–	nessus
Tenable Nessus	CentOS 6 : firefox (RHSA-2020:0086)	15 Jan 202000:00	–	nessus
Tenable Nessus	CentOS 7 : thunderbird (RHSA-2020:0120)	21 Jan 202000:00	–	nessus
Tenable Nessus	CentOS 6 : thunderbird (RHSA-2020:0123)	21 Jan 202000:00	–	nessus
Tenable Nessus	Debian DLA-2061-1 : firefox-esr security update	10 Jan 202000:00	–	nessus

NVD

Vulners

Node

mozilla firefoxRange<72.0

mozilla firefox_esrRange<68.4

Node

canonical ubuntu_linuxMatch16.04esm

canonical ubuntu_linuxMatch18.04lts

canonical ubuntu_linuxMatch19.04

canonical ubuntu_linuxMatch19.10

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

Node

redhat enterprise_linuxMatch8.0

redhat enterprise_linux_desktopMatch6.0

redhat enterprise_linux_desktopMatch7.0

redhat enterprise_linux_eusMatch7.7

redhat enterprise_linux_eusMatch8.1

redhat enterprise_linux_eusMatch8.2

redhat enterprise_linux_eusMatch8.4

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_serverMatch7.0

redhat enterprise_linux_server_ausMatch7.7

redhat enterprise_linux_server_ausMatch8.2

redhat enterprise_linux_server_ausMatch8.4

redhat enterprise_linux_server_tusMatch7.7

redhat enterprise_linux_server_tusMatch8.2

redhat enterprise_linux_server_tusMatch8.4

redhat enterprise_linux_workstationMatch6.0

redhat enterprise_linux_workstationMatch7.0

Node

opensuse leapMatch15.1

[
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "affected",
        "version": "before 68.4"
      }
    ]
  },
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "affected",
        "version": "before 72"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2020:0085
seclists	www.seclists.org/bugtraq/2020/Jan/18
seclists	www.seclists.org/bugtraq/2020/Jan/26
access	www.access.redhat.com/errata/RHSA-2020:0120
access	www.access.redhat.com/errata/RHSA-2020:0086
lists	www.lists.debian.org/debian-lts-announce/2020/01/msg00005.html
packetstormsecurity	www.packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html
lists	www.lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html
access	www.access.redhat.com/errata/RHSA-2020:0127
mozilla	www.mozilla.org/security/advisories/mfsa2020-02/

21 Nov 2024 04:31Current

9.2High risk

Vulners AI Score9.2

CVSS 26.8

CVSS 3.18.8

EPSS0.0208

CWE-787