First published: Tue Jan 07 2020
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort it could be exploited to run arbitrary code.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox ESR | <68.4 | 68.4 |
Mozilla Thunderbird | <68.4.1 | 68.4.1 |
redhat/firefox | <68.4 | 68.4 |
redhat/thunderbird | <68.4.1 | 68.4.1 |
Mozilla Firefox | <72 | 72 |
Mozilla Firefox | <72.0 | |
Mozilla Firefox ESR | <68.4 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.04 | |
Canonical Ubuntu Linux | =19.10 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =7.7 | |
Redhat Enterprise Linux Server Tus | =7.7 | |
Redhat Enterprise Linux Workstation | =6.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
debian/firefox | 133.0.3-1 | |
debian/firefox-esr | 115.14.0esr-1~deb11u1 128.5.0esr-1~deb11u1 128.3.1esr-1~deb12u1 128.5.0esr-1~deb12u1 128.5.0esr-1 128.5.1esr-1 | |
debian/thunderbird | 1:115.12.0-1~deb11u1 1:128.5.0esr-1~deb11u1 1:115.16.0esr-1~deb12u1 1:128.5.0esr-1~deb12u1 1:128.5.2esr-1 | |
CVE-2019-17017 is a vulnerability that can result in a crash due to a missing case handling object types, potentially allowing an attacker to run arbitrary code.
Mozilla Firefox ESR versions before 68.4, Mozilla Thunderbird versions before 68.4.1, and Mozilla Firefox versions before 72 are affected by CVE-2019-17017.
CVE-2019-17017 has a severity level of high (7).
CVE-2019-17017 could be exploited to run arbitrary code, but it would require a significant amount of effort.
To fix CVE-2019-17017, update Mozilla Firefox ESR to version 68.4 or later, update Mozilla Thunderbird to version 68.4.1 or later, or update Mozilla Firefox to version 72 or later.