CVE-2019-17012

HIGH

Firefox < 71.0 and Firefox ESR < 68.3 - Out-of-bounds Write

Title source: llm
STIX 2.1

Description

Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

References (12)

Core 12
Core References
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2019-36/
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2019-38/
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2019-37/
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4241-1/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0292
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0295
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202003-02
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202003-10
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4335-1/

Scores

CVSS v3 8.8
EPSS 0.0215
EPSS Percentile 84.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (7)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.10
mozilla/firefox < 71.0
mozilla/firefox_esr < 68.3
mozilla/thunderbird < 68.3
opensuse/leap 15.1
Published Jan 08, 2020
Tracked Since Feb 18, 2026