Описание
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| firefox | fixed | 72.0-1 | package | |
| firefox-esr | fixed | 68.4.0esr-1 | package | |
| thunderbird | fixed | 1:68.4.1-1 | package |
Примечания
https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17017
https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17017
https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17017
EPSS
Связанные уязвимости
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Уязвимость браузеров Firefox, Firefox ESR, связанная с доступом к ресурсу через несовместимые типы, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS