8.8

CVE-2019-17024

Exploit

EPSS 3.28%
Veröffentlicht 08.01.2020 22:15:12
Zuletzt bearbeitet 21.11.2024 04:31:34
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 28

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 72.0

Mozilla ≫ Firefox ESR Version < 68.4

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version19.04

Canonical ≫ Ubuntu Linux Version19.10

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version7.7

Redhat ≫ Enterprise Linux Eus Version8.1

Redhat ≫ Enterprise Linux Eus Version8.2

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.7

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version7.7

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Opensuse ≫ Leap Version15.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.28%	0.867

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://usn.ubuntu.com/4335-1/

Third Party Advisory

https://security.gentoo.org/glsa/202003-02

Third Party Advisory

https://usn.ubuntu.com/4241-1/

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0292

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0295

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html

Third Party Advisory

Mailing List

http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html

Third Party Advisory

Exploit

VDB Entry

https://seclists.org/bugtraq/2020/Jan/18

Third Party Advisory

Mailing List

https://www.mozilla.org/security/advisories/mfsa2020-01/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2020-02/

Vendor Advisory

https://access.redhat.com/errata/RHSA-2020:0085

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0086

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0111

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0120

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0123

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0127

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html

Third Party Advisory

Mailing List

https://seclists.org/bugtraq/2020/Jan/12

Third Party Advisory

Mailing List

https://seclists.org/bugtraq/2020/Jan/26

Third Party Advisory

Mailing List

https://usn.ubuntu.com/4234-1/

Third Party Advisory

https://www.debian.org/security/2020/dsa-4600

Third Party Advisory

https://www.debian.org/security/2020/dsa-4603

Third Party Advisory

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507180%2C1595470%2C1598605%2C1601826

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2019-17024

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-17024

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-17024

EUVD