Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-11729

Опубликовано: 23 июл. 2019
Источник: debian
EPSS Низкий

Описание

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed68.0-1package
firefox-esrfixed60.8.0esr-1package
firefox-esrfixed60.8.0esr-1~deb10u1busterpackage
firefox-esrfixed60.8.0esr-1~deb9u1stretchpackage
thunderbirdfixed1:60.8.0-1package
thunderbirdfixed1:60.8.0-1~deb10u1busterpackage
thunderbirdfixed1:60.8.0-1~deb9u1stretchpackage
nssfixed2:3.45-1package
nssfixed2:3.42.1-1+deb10u1busterpackage

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729

  • https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729

  • https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11729

  • https://hg.mozilla.org/projects/nss/rev/dabfe1160c682b4d1d19c5a7a13ab3828bb9d37f

  • https://hg.mozilla.org/projects/nss/rev/ebc93d6daeaa9001d31fd18b5199779da99ae9aa

  • firefox-esr in older suites than buster use the embedded copy and thus issue

  • is just fixed by updating firefox-esr to 60.8.0. For the others an update to

  • src:nss is needed as firefox-esr uses the system library.

EPSS

Процентиль: 71%
0.00684
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-11729

CVSS3: 7.5
ubuntu
больше 6 лет назад

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

redhat логотип

CVE-2019-11729

CVSS3: 7.5
redhat
больше 6 лет назад

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

nvd логотип

CVE-2019-11729

CVSS3: 7.5
nvd
больше 6 лет назад

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

github логотип

GHSA-x7fr-mw8m-fh4w

CVSS3: 7.5
github
больше 3 лет назад

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

fstec логотип

BDU:2019-04642

CVSS3: 7.5
fstec
больше 6 лет назад

Уязвимость функции формирования открытых ключей p256-ECDH браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 71%
0.00684
Низкий