First published: Tue Jul 09 2019
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/nss | <0:3.44.0-7.el7_7 | 0:3.44.0-7.el7_7 |
redhat/nss-softokn | <0:3.44.0-8.el7_7 | 0:3.44.0-8.el7_7 |
redhat/nss-util | <0:3.44.0-4.el7_7 | 0:3.44.0-4.el7_7 |
redhat/nspr | <0:4.21.0-2.el8_0 | 0:4.21.0-2.el8_0 |
redhat/nss | <0:3.44.0-7.el8_0 | 0:3.44.0-7.el8_0 |
Mozilla Thunderbird | <60.8 | 60.8 |
Mozilla Thunderbird | <68 | 68 |
Mozilla Firefox ESR | <60.8 | 60.8 |
redhat/nss | <3.45 | 3.45 |
Mozilla Firefox | <68 | 68 |
Mozilla Firefox | <68.0 | |
Mozilla Firefox ESR | <60.8.0 | |
Mozilla Thunderbird | <60.8.0 | |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 | |
CVE-2019-11729 is a vulnerability in Mozilla Firefox that can be exploited to cause a denial of service.
The vulnerability occurs when empty or malformed p256-ECDH public keys are not properly validated and copied into memory, leading to a segmentation fault.
CVE-2019-11729 has a severity rating of 7.5 (high).
Mozilla Firefox versions up to and including 68.0, Mozilla Firefox ESR versions up to and including 60.8.0, and Mozilla Thunderbird versions up to and including 60.8.0 are affected.
Update your Mozilla Firefox, Mozilla Firefox ESR, and Mozilla Thunderbird to versions 68.0.1, 60.8.1, and 68.0.1 respectively.
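The description above attributes the crash to empty or malformed P-256 ECDH public keys being used without sanitization. As an added example (not NSS or Mozilla code), the following Python validates an uncompressed SEC 1 P-256 public key before it is handed to a key-agreement routine; it goes beyond the empty and wrong-length cases to also check the coordinate range and curve membership. The function names and sample inputs are constructed for illustration.

```python
# Added illustration: not NSS code. Validates an uncompressed SEC 1
# P-256 public key before it is handed to an ECDH routine.

# NIST P-256 domain parameters (FIPS 186-4).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
COORD_LEN = 32
POINT_LEN = 1 + 2 * COORD_LEN  # 0x04 || X || Y


def validate_p256_public_key(raw):
    """Return (x, y) for a well-formed key, else raise ValueError."""
    if not isinstance(raw, (bytes, bytearray)) or len(raw) == 0:
        raise ValueError("empty public key")
    if len(raw) != POINT_LEN:
        raise ValueError("unexpected length %d" % len(raw))
    if raw[0] != 0x04:
        raise ValueError("not an uncompressed point")
    x = int.from_bytes(raw[1:1 + COORD_LEN], "big")
    y = int.from_bytes(raw[1 + COORD_LEN:], "big")
    if x >= P or y >= P:
        raise ValueError("coordinate out of range")
    # Curve equation: y^2 = x^3 + a*x + b (mod p)
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise ValueError("point is not on the curve")
    return x, y


def is_valid(raw):
    """Boolean wrapper so callers can reject a key without a traceback."""
    try:
        validate_p256_public_key(raw)
        return True
    except ValueError:
        return False


# Constructed sample inputs: the P-256 base point and broken variants.
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
GOOD = b"\x04" + GX.to_bytes(32, "big") + GY.to_bytes(32, "big")
SAMPLES = {"valid": GOOD, "empty": b"", "truncated": GOOD[:40],
           "bad prefix": b"\x05" + GOOD[1:], "off curve": GOOD[:-1] + b"\x00"}

if __name__ == "__main__":
    for name, key in SAMPLES.items():
        print(name, "->", "accept" if is_valid(key) else "reject")
```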