Vulnerability-Lookup

CVE-2019-17010 (GCVE-0-2019-17010)

Vulnerability from cvelistv5 – Published: 2020-01-08 21:23 – Updated: 2024-08-05 01:24

Summary

Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Severity ?

No CVSS data available.

CWE

Use-after-free when performing device orientation checks

Assigner

mozilla

References

12 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=1581084	x_refsource_MISC
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://usn.ubuntu.com/4241-1/	vendor-advisoryx_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2020:0292	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0295	vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/202003-02	vendor-advisoryx_refsource_GENTOO
https://security.gentoo.org/glsa/202003-10	vendor-advisoryx_refsource_GENTOO
https://usn.ubuntu.com/4335-1/	vendor-advisoryx_refsource_UBUNTU

Impacted products

3 products

Vendor	Product	Version
Mozilla	Thunderbird	Affected: before 68.3
Mozilla	Firefox ESR	Affected: before 68.3
Mozilla	Firefox	Affected: before 71

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:48.864Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1581084"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2019-37/"
          },
          {
            "name": "openSUSE-SU-2020:0003",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2020:0002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html"
          },
          {
            "name": "USN-4241-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4241-1/"
          },
          {
            "name": "RHSA-2020:0292",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0292"
          },
          {
            "name": "RHSA-2020:0295",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0295"
          },
          {
            "name": "GLSA-202003-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-02"
          },
          {
            "name": "GLSA-202003-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-10"
          },
          {
            "name": "USN-4335-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4335-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "status": "affected",
              "version": "before 68.3"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "status": "affected",
              "version": "before 68.3"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "status": "affected",
              "version": "before 71"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free when performing device orientation checks",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T02:06:51.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1581084"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2019-37/"
        },
        {
          "name": "openSUSE-SU-2020:0003",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2020:0002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html"
        },
        {
          "name": "USN-4241-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4241-1/"
        },
        {
          "name": "RHSA-2020:0292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0292"
        },
        {
          "name": "RHSA-2020:0295",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0295"
        },
        {
          "name": "GLSA-202003-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-02"
        },
        {
          "name": "GLSA-202003-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-10"
        },
        {
          "name": "USN-4335-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4335-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2019-17010",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 68.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 68.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 71"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use-after-free when performing device orientation checks"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1581084",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1581084"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2019-36/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2019-38/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2019-37/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-37/"
            },
            {
              "name": "openSUSE-SU-2020:0003",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html"
            },
            {
              "name": "openSUSE-SU-2020:0002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html"
            },
            {
              "name": "USN-4241-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4241-1/"
            },
            {
              "name": "RHSA-2020:0292",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0292"
            },
            {
              "name": "RHSA-2020:0295",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0295"
            },
            {
              "name": "GLSA-202003-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-02"
            },
            {
              "name": "GLSA-202003-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-10"
            },
            {
              "name": "USN-4335-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4335-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2019-17010",
    "datePublished": "2020-01-08T21:23:23.000Z",
    "dateReserved": "2019-09-30T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:24:48.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-17010",
      "date": "2026-05-19",
      "epss": "0.01329",
      "percentile": "0.80145"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"71.0\", \"matchCriteriaId\": \"13CA3D58-3E63-46A9-9E84-0EE98E85FCCD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"68.3\", \"matchCriteriaId\": \"0E44031F-A65C-47ED-BE96-D95E9C013208\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"68.3\", \"matchCriteriaId\": \"5720A580-B6C6-491B-9B75-619B39B6DFDD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.\"}, {\"lang\": \"es\", \"value\": \"Bajo determinadas condiciones, cuando se comprueba la preferencia Resist Fingerprinting durante las verificaciones de orientaci\\u00f3n del dispositivo, una condici\\u00f3n de carrera podr\\u00eda haber causado un uso de la memoria previamente liberada y un bloqueo explotable potencialmente. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a la versi\\u00f3n 68.3, Firefox ESR versiones anteriores a la versi\\u00f3n 68.3 y Firefox versiones anteriores a la versi\\u00f3n  71.\"}]",
      "id": "CVE-2019-17010",
      "lastModified": "2024-11-21T04:31:32.143",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-01-08T22:15:11.857",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0292\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0295\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1581084\", \"source\": \"security@mozilla.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-02\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-10\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4241-1/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4335-1/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-36/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-37/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-38/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0292\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0295\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1581084\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4241-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4335-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-36/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-37/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-38/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-17010\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2020-01-08T22:15:11.857\",\"lastModified\":\"2024-11-21T04:31:32.143\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.\"},{\"lang\":\"es\",\"value\":\"Bajo determinadas condiciones, cuando se comprueba la preferencia Resist Fingerprinting durante las verificaciones de orientaci\u00f3n del dispositivo, una condici\u00f3n de carrera podr\u00eda haber causado un uso de la memoria previamente liberada y un bloqueo explotable potencialmente. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a la versi\u00f3n 68.3, Firefox ESR versiones anteriores a la versi\u00f3n 68.3 y Firefox versiones anteriores a la versi\u00f3n  71.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"71.0\",\"matchCriteriaId\":\"13CA3D58-3E63-46A9-9E84-0EE98E85FCCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"68.3\",\"matchCriteriaId\":\"0E44031F-A65C-47ED-BE96-D95E9C013208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"68.3\",\"matchCriteriaId\":\"5720A580-B6C6-491B-9B75-619B39B6DFDD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0292\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0295\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1581084\",\"source\":\"security@mozilla.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-02\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-10\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4241-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4335-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-36/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-37/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-38/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0292\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0295\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1581084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4241-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4335-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-36/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-37/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-38/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2019-AVI-605

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox ESR versions antérieures à 68.3
	Mozilla	Firefox	Firefox versions antérieures à 71

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2019-36 du 03 décembre 2019	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2019-37 du 03 décembre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 68.3",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 71",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-17005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17005"
    },
    {
      "name": "CVE-2019-17009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17009"
    },
    {
      "name": "CVE-2019-17008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17008"
    },
    {
      "name": "CVE-2019-17014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17014"
    },
    {
      "name": "CVE-2019-17013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17013"
    },
    {
      "name": "CVE-2019-17011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17011"
    },
    {
      "name": "CVE-2019-17012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17012"
    },
    {
      "name": "CVE-2019-17010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17010"
    },
    {
      "name": "CVE-2019-13722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13722"
    },
    {
      "name": "CVE-2019-11745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
    },
    {
      "name": "CVE-2019-11756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-605",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-36 du 03 d\u00e9cembre 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-37 du 03 d\u00e9cembre 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/"
    }
  ]
}

CERTFR-2019-AVI-609

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Thunderbird versions antérieures à 68.3

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2019-38 du 04 décembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 68.3",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-17005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17005"
    },
    {
      "name": "CVE-2019-17009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17009"
    },
    {
      "name": "CVE-2019-17008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17008"
    },
    {
      "name": "CVE-2019-17011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17011"
    },
    {
      "name": "CVE-2019-17012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17012"
    },
    {
      "name": "CVE-2019-17010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17010"
    },
    {
      "name": "CVE-2019-13722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13722"
    },
    {
      "name": "CVE-2019-11745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-609",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-38 du 04 d\u00e9cembre 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/"
    }
  ]
}

CERTFR-2019-AVI-605

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox ESR versions antérieures à 68.3
	Mozilla	Firefox	Firefox versions antérieures à 71

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2019-36 du 03 décembre 2019	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2019-37 du 03 décembre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 68.3",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 71",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-17005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17005"
    },
    {
      "name": "CVE-2019-17009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17009"
    },
    {
      "name": "CVE-2019-17008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17008"
    },
    {
      "name": "CVE-2019-17014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17014"
    },
    {
      "name": "CVE-2019-17013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17013"
    },
    {
      "name": "CVE-2019-17011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17011"
    },
    {
      "name": "CVE-2019-17012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17012"
    },
    {
      "name": "CVE-2019-17010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17010"
    },
    {
      "name": "CVE-2019-13722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13722"
    },
    {
      "name": "CVE-2019-11745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
    },
    {
      "name": "CVE-2019-11756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-605",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-36 du 03 d\u00e9cembre 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-37 du 03 d\u00e9cembre 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/"
    }
  ]
}

CERTFR-2019-AVI-609

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Thunderbird versions antérieures à 68.3

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2019-38 du 04 décembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 68.3",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-17005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17005"
    },
    {
      "name": "CVE-2019-17009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17009"
    },
    {
      "name": "CVE-2019-17008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17008"
    },
    {
      "name": "CVE-2019-17011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17011"
    },
    {
      "name": "CVE-2019-17012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17012"
    },
    {
      "name": "CVE-2019-17010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17010"
    },
    {
      "name": "CVE-2019-13722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13722"
    },
    {
      "name": "CVE-2019-11745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-609",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-38 du 04 d\u00e9cembre 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/"
    }
  ]
}

BDU:2020-01675

Vulnerability from fstec - Published: 03.09.2019

Title

Уязвимость механизма идентификации по отпечатку пальца веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная использование области памяти после её освобождения, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании и оказать воздействие на целостность данных

Description

Уязвимость механизма идентификации по отпечатку пальца веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird связана с использование области памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании и оказать воздействие на целостность данных

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Red Hat Inc., Сообщество свободного программного обеспечения, Canonical Ltd., ООО «РусБИТех-Астра», Novell Inc., Mozilla Corp., АО «Концерн ВНИИНС», АО «ИВК»

Software Name

Red Hat Enterprise Linux, Debian GNU/Linux, Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, Firefox, Firefox ESR, Thunderbird, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), Альт 8 СП (запись в едином реестре российских программ №4305)

Software Version

6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 19.10 (Ubuntu), до 71 (Firefox), до 68.3 (Firefox ESR), до 68.3 (Thunderbird), 8.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 1.0 (ОС ОН «Стрелец»), - (Альт 8 СП), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для firefox: Обновление программного обеспечения до 71.0-1 или более поздней версии Для firefox esr: Обновление программного обеспечения до 68.3.0esr-1 или более поздней версии Для thunderbird: Обновление программного обеспечения до 1:68.3.0-1 или более поздней версии Для Debian: Обновление программного обеспечения (пакета firefox) до 71.0-1 или более поздней версии, (пакета firefox esr) до 68.3.0esr-1~deb10u1 или более поздней версии, (пакета thunderbird) до 1:68.3.0-2~deb10u1 или более поздней версии Для программных продуктов Novell Inc.: https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html Для Ubuntu: https://usn.ubuntu.com/4241-1/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2019-17010 Для Astra Linux: Обновление программного обеспечения (пакета firefox) до 71.0-1 или более поздней версии, (пакета firefox esr) до 68.3.0esr-1~deb10u1 или более поздней версии, (пакета thunderbird) до 1:68.3.0-2~deb10u1 или более поздней версии Для ОС ОН «Стрелец»: https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie Для ОС ОН «Стрелец»: Обновление программного обеспечения firefox-esr до версии 91.13.0esr+repack-1~deb10u1.osnova1.strelets Обновление программного обеспечения thunderbird до версии 1:91.13.0+repack-1~deb10u1.osnova1.strelets Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-17010 https://security-tracker.debian.org/tracker/CVE-2019-17010 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16 https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html https://usn.ubuntu.com/4241-1/ https://access.redhat.com/security/cve/cve-2019-17010 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-416

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Mozilla Corp., \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 19.10 (Ubuntu), \u0434\u043e 71 (Firefox), \u0434\u043e 68.3 (Firefox ESR), \u0434\u043e 68.3 (Thunderbird), 8.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 1.0 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f firefox:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 71.0-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f firefox esr:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 68.3.0esr-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f thunderbird:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 1:68.3.0-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 firefox) \u0434\u043e 71.0-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, (\u043f\u0430\u043a\u0435\u0442\u0430 firefox esr) \u0434\u043e 68.3.0esr-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, (\u043f\u0430\u043a\u0435\u0442\u0430 thunderbird) \u0434\u043e 1:68.3.0-2~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html\nhttps://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4241-1/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2019-17010\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 firefox) \u0434\u043e 71.0-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, (\u043f\u0430\u043a\u0435\u0442\u0430 firefox esr) \u0434\u043e 68.3.0esr-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, (\u043f\u0430\u043a\u0435\u0442\u0430 thunderbird) \u0434\u043e 1:68.3.0-2~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb: https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 91.13.0esr+repack-1~deb10u1.osnova1.strelets\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:91.13.0+repack-1~deb10u1.osnova1.strelets\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.09.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.04.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01675",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-17010",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, Firefox, Firefox ESR, Thunderbird, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Canonical Ltd. Ubuntu 19.10 , Red Hat Inc. Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb 1.0  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043e \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u0443 \u043f\u0430\u043b\u044c\u0446\u0430 \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox, Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438 \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043e \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u0443 \u043f\u0430\u043b\u044c\u0446\u0430 \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox, Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438 \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2019-17010\nhttps://security-tracker.debian.org/tracker/CVE-2019-17010\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16\nhttps://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html\nhttps://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html\nhttps://usn.ubuntu.com/4241-1/\nhttps://access.redhat.com/security/cve/cve-2019-17010\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CNVD-2020-12679

Vulnerability from cnvd - Published: 2020-02-21

Title

多款Mozilla产品资源管理错误漏洞（CNVD-2020-12679）

Description

Mozilla Firefox等都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。Mozilla Thunderbird是一套从Mozilla Application Suite独立出来的电子邮件客户端软件。 Mozilla Firefox 71之前版本、Firefox ESR 68.3之前版本和Thunderbird 68.3之前版本中存在资源管理错误漏洞。远程攻击者可借助特制的网站利用该漏洞执行任意代码或造成拒绝服务。

Severity

中

Patch Name

多款Mozilla产品资源管理错误漏洞（CNVD-2020-12679）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.mozilla.org/en-US/firefox/

Reference

https://www.cybersecurity-help.cz/vdb/SB2019120314?affChecked=1

Impacted products

Name
['Mozilla Firefox <71', 'Mozilla Firefox ESR <68.3', 'mozilla Thunderbird <68.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-17010",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-17010"
    }
  },
  "description": "Mozilla Firefox\u7b49\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox(Web\u6d4f\u89c8\u5668)\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u4e00\u5957\u4eceMozilla Application Suite\u72ec\u7acb\u51fa\u6765\u7684\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\n\nMozilla Firefox 71\u4e4b\u524d\u7248\u672c\u3001Firefox ESR 68.3\u4e4b\u524d\u7248\u672c\u548cThunderbird 68.3\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/en-US/firefox/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-12679",
  "openTime": "2020-02-21",
  "patchDescription": "Mozilla Firefox\u7b49\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox(Web\u6d4f\u89c8\u5668)\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u4e00\u5957\u4eceMozilla Application Suite\u72ec\u7acb\u51fa\u6765\u7684\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\r\n\r\nMozilla Firefox 71\u4e4b\u524d\u7248\u672c\u3001Firefox ESR 68.3\u4e4b\u524d\u7248\u672c\u548cThunderbird 68.3\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eMozilla\u4ea7\u54c1\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-12679\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c71",
      "Mozilla Firefox ESR \u003c68.3",
      "mozilla Thunderbird \u003c68.3"
    ]
  },
  "referenceLink": "https://www.cybersecurity-help.cz/vdb/SB2019120314?affChecked=1",
  "serverity": "\u4e2d",
  "submitTime": "2019-12-04",
  "title": "\u591a\u6b3eMozilla\u4ea7\u54c1\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-12679\uff09"
}

FKIE_CVE-2019-17010

Vulnerability from fkie_nvd - Published: 2020-01-08 22:15 - Updated: 2024-11-21 04:31

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html	Mailing List, Third Party Advisory
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html	Mailing List, Third Party Advisory
security@mozilla.org	https://access.redhat.com/errata/RHSA-2020:0292	Third Party Advisory
security@mozilla.org	https://access.redhat.com/errata/RHSA-2020:0295	Third Party Advisory
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1581084	Exploit, Issue Tracking, Vendor Advisory
security@mozilla.org	https://security.gentoo.org/glsa/202003-02	Third Party Advisory
security@mozilla.org	https://security.gentoo.org/glsa/202003-10	Third Party Advisory
security@mozilla.org	https://usn.ubuntu.com/4241-1/	Third Party Advisory
security@mozilla.org	https://usn.ubuntu.com/4335-1/	Third Party Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2019-36/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2019-37/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2019-38/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0292	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0295	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1581084	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202003-02	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202003-10	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4241-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4335-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2019-36/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2019-37/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2019-38/	Vendor Advisory

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox_esr	*
mozilla	thunderbird	*
opensuse	leap	15.1
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13CA3D58-3E63-46A9-9E84-0EE98E85FCCD",
              "versionEndExcluding": "71.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E44031F-A65C-47ED-BE96-D95E9C013208",
              "versionEndExcluding": "68.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5720A580-B6C6-491B-9B75-619B39B6DFDD",
              "versionEndExcluding": "68.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71."
    },
    {
      "lang": "es",
      "value": "Bajo determinadas condiciones, cuando se comprueba la preferencia Resist Fingerprinting durante las verificaciones de orientaci\u00f3n del dispositivo, una condici\u00f3n de carrera podr\u00eda haber causado un uso de la memoria previamente liberada y un bloqueo explotable potencialmente. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a la versi\u00f3n 68.3, Firefox ESR versiones anteriores a la versi\u00f3n 68.3 y Firefox versiones anteriores a la versi\u00f3n  71."
    }
  ],
  "id": "CVE-2019-17010",
  "lastModified": "2024-11-21T04:31:32.143",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-08T22:15:11.857",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0292"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0295"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1581084"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-02"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-10"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4241-1/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4335-1/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-37/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0295"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1581084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4241-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4335-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-37/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-3F69-XHQ6-C8M8

Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2022-05-24 17:05

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-17010"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-08T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
  "id": "GHSA-3f69-xhq6-c8m8",
  "modified": "2022-05-24T17:05:48Z",
  "published": "2022-05-24T17:05:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17010"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0292"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0295"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1581084"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-02"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-10"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4241-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4335-1"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-36"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-37"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-38"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-17010

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-17010

Aliases

CVE-2019-17010

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-17010",
    "description": "Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
    "id": "GSD-2019-17010",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-17010.html",
      "https://www.debian.org/security/2019/dsa-4585",
      "https://www.debian.org/security/2019/dsa-4580",
      "https://access.redhat.com/errata/RHSA-2020:0295",
      "https://access.redhat.com/errata/RHSA-2020:0292",
      "https://access.redhat.com/errata/RHSA-2019:4205",
      "https://access.redhat.com/errata/RHSA-2019:4195",
      "https://access.redhat.com/errata/RHSA-2019:4148",
      "https://access.redhat.com/errata/RHSA-2019:4111",
      "https://access.redhat.com/errata/RHSA-2019:4108",
      "https://access.redhat.com/errata/RHSA-2019:4107",
      "https://ubuntu.com/security/CVE-2019-17010",
      "https://advisories.mageia.org/CVE-2019-17010.html",
      "https://security.archlinux.org/CVE-2019-17010",
      "https://linux.oracle.com/cve/CVE-2019-17010.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-17010"
      ],
      "details": "Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
      "id": "GSD-2019-17010",
      "modified": "2023-12-13T01:23:44.533742Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2019-17010",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before 68.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before 68.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before 71"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Use-after-free when performing device orientation checks"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1581084",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1581084"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2019-36/",
            "refsource": "CONFIRM",
            "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2019-38/",
            "refsource": "CONFIRM",
            "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2019-37/",
            "refsource": "CONFIRM",
            "url": "https://www.mozilla.org/security/advisories/mfsa2019-37/"
          },
          {
            "name": "openSUSE-SU-2020:0003",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2020:0002",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html"
          },
          {
            "name": "USN-4241-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4241-1/"
          },
          {
            "name": "RHSA-2020:0292",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2020:0292"
          },
          {
            "name": "RHSA-2020:0295",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2020:0295"
          },
          {
            "name": "GLSA-202003-02",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202003-02"
          },
          {
            "name": "GLSA-202003-10",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202003-10"
          },
          {
            "name": "USN-4335-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4335-1/"
          }
        ]
      }
    },
    "mozilla.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2019-17010"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "68.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "68.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "71"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Use-after-free when performing device orientation checks"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2019-37/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1581084"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "71.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "68.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "68.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2019-17010"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1581084",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1581084"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2019-38/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2019-37/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-37/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2019-36/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/"
            },
            {
              "name": "openSUSE-SU-2020:0002",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html"
            },
            {
              "name": "openSUSE-SU-2020:0003",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html"
            },
            {
              "name": "USN-4241-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4241-1/"
            },
            {
              "name": "RHSA-2020:0295",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0295"
            },
            {
              "name": "RHSA-2020:0292",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0292"
            },
            {
              "name": "GLSA-202003-02",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202003-02"
            },
            {
              "name": "GLSA-202003-10",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202003-10"
            },
            {
              "name": "USN-4335-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4335-1/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-04-08T14:32Z",
      "publishedDate": "2020-01-08T22:15Z"
    }
  }
}

OPENSUSE-SU-2020:0002-1

Vulnerability from csaf_opensuse - Published: 2020-01-09 16:29 - Updated: 2020-01-09 16:29

Summary

Security update for MozillaFirefox

Severity

Important

Notes

Title of the patch: Security update for MozillaFirefox

Description of the patch: This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328) Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) This update was imported from the SUSE:SLE-15:Update update project.

Patchnames: openSUSE-2020-2

CVE-2019-11745

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-13722

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-17005

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-17008

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-17009

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-17010

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-17011

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-17012

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64	—	Vendor Fix

Threats

Impact important

References

31 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1157652	self
https://bugzilla.suse.com/1158328	self
https://www.suse.com/security/cve/CVE-2019-11745/	self
https://www.suse.com/security/cve/CVE-2019-13722/	self
https://www.suse.com/security/cve/CVE-2019-17005/	self
https://www.suse.com/security/cve/CVE-2019-17008/	self
https://www.suse.com/security/cve/CVE-2019-17009/	self
https://www.suse.com/security/cve/CVE-2019-17010/	self
https://www.suse.com/security/cve/CVE-2019-17011/	self
https://www.suse.com/security/cve/CVE-2019-17012/	self
https://www.suse.com/security/cve/CVE-2019-11745	external
https://bugzilla.suse.com/1158328	external
https://bugzilla.suse.com/1158527	external
https://www.suse.com/security/cve/CVE-2019-13722	external
https://bugzilla.suse.com/1158328	external
https://www.suse.com/security/cve/CVE-2019-17005	external
https://bugzilla.suse.com/1158328	external
https://www.suse.com/security/cve/CVE-2019-17008	external
https://bugzilla.suse.com/1158328	external
https://www.suse.com/security/cve/CVE-2019-17009	external
https://bugzilla.suse.com/1158328	external
https://www.suse.com/security/cve/CVE-2019-17010	external
https://bugzilla.suse.com/1158328	external
https://www.suse.com/security/cve/CVE-2019-17011	external
https://bugzilla.suse.com/1158328	external
https://www.suse.com/security/cve/CVE-2019-17012	external
https://bugzilla.suse.com/1158328	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for MozillaFirefox",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for MozillaFirefox fixes the following issues:\n\nMozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328)\t  \n\t  \nSecurity issues fixed: \n\n- CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331)\n- CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments \n  in WebRTC code (bmo#1580156)\n- CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a \n  block cipher (bmo#1586176)\n- CVE-2019-17009: Fixed an issue where updater temporary files accessible to \n  unprivileged processes (bmo#1510494)\n- CVE-2019-17010: Fixed a use-after-free when performing device orientation \n  checks (bmo#1581084)\n- CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170)\n- CVE-2019-17011: Fixed a use-after-free when retrieving a document \n  in antitracking (bmo#1591334)\n- CVE-2019-17012: Fixed multiple memmory issues\n  (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, \n  bmo#1592502)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-2",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0002-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:0002-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IT3UIP5O2QPRMJEIU4SZ6MBHNKBLUYZT/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:0002-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IT3UIP5O2QPRMJEIU4SZ6MBHNKBLUYZT/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1157652",
        "url": "https://bugzilla.suse.com/1157652"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1158328",
        "url": "https://bugzilla.suse.com/1158328"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11745 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11745/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-13722 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-13722/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17005 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17005/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17008 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17008/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17009 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17009/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17010 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17010/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17011 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17011/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17012 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17012/"
      }
    ],
    "title": "Security update for MozillaFirefox",
    "tracking": {
      "current_release_date": "2020-01-09T16:29:33Z",
      "generator": {
        "date": "2020-01-09T16:29:33Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:0002-1",
      "initial_release_date": "2020-01-09T16:29:33Z",
      "revision_history": [
        {
          "date": "2020-01-09T16:29:33Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
                  "product_id": "MozillaFirefox-68.3.0-lp151.2.21.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
                  "product_id": "MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
                  "product_id": "MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
                  "product_id": "MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
                  "product_id": "MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64",
                  "product_id": "MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-68.3.0-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64"
        },
        "product_reference": "MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64"
        },
        "product_reference": "MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64"
        },
        "product_reference": "MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64"
        },
        "product_reference": "MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-11745",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11745"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11745",
          "url": "https://www.suse.com/security/cve/CVE-2019-11745"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158328 for CVE-2019-11745",
          "url": "https://bugzilla.suse.com/1158328"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158527 for CVE-2019-11745",
          "url": "https://bugzilla.suse.com/1158527"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-01-09T16:29:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-11745"
    },
    {
      "cve": "CVE-2019-13722",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-13722"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-13722",
          "url": "https://www.suse.com/security/cve/CVE-2019-13722"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158328 for CVE-2019-13722",
          "url": "https://bugzilla.suse.com/1158328"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-01-09T16:29:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-13722"
    },
    {
      "cve": "CVE-2019-17005",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17005"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The plain text serializer used a fixed-size array for the number of \u003col\u003e elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17005",
          "url": "https://www.suse.com/security/cve/CVE-2019-17005"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158328 for CVE-2019-17005",
          "url": "https://bugzilla.suse.com/1158328"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-01-09T16:29:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17005"
    },
    {
      "cve": "CVE-2019-17008",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17008"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17008",
          "url": "https://www.suse.com/security/cve/CVE-2019-17008"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158328 for CVE-2019-17008",
          "url": "https://bugzilla.suse.com/1158328"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-01-09T16:29:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17008"
    },
    {
      "cve": "CVE-2019-17009",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17009"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17009",
          "url": "https://www.suse.com/security/cve/CVE-2019-17009"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158328 for CVE-2019-17009",
          "url": "https://bugzilla.suse.com/1158328"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-01-09T16:29:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17009"
    },
    {
      "cve": "CVE-2019-17010",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17010"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17010",
          "url": "https://www.suse.com/security/cve/CVE-2019-17010"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158328 for CVE-2019-17010",
          "url": "https://bugzilla.suse.com/1158328"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-01-09T16:29:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17010"
    },
    {
      "cve": "CVE-2019-17011",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17011"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17011",
          "url": "https://www.suse.com/security/cve/CVE-2019-17011"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158328 for CVE-2019-17011",
          "url": "https://bugzilla.suse.com/1158328"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-01-09T16:29:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17011"
    },
    {
      "cve": "CVE-2019-17012",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17012"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
          "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17012",
          "url": "https://www.suse.com/security/cve/CVE-2019-17012"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158328 for CVE-2019-17012",
          "url": "https://bugzilla.suse.com/1158328"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:MozillaFirefox-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-devel-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.3.0-lp151.2.21.1.x86_64",
            "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.3.0-lp151.2.21.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-01-09T16:29:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17012"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-17010 (GCVE-0-2019-17010)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature