CVE-2019-17005Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds WriteCWE-120Classic Buffer Overflow13 documents8 sources
Severity
8.8HIGHNVD
EPSS
2.9%
top 13.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla ThunderbirdMozilla FirefoxMozilla Firefox ESR+2 more
Timeline
PublishedJan 8
Latest updateMay 24

Description

The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

NVDmozilla/firefox< 71.0
CVEListV5mozilla/firefoxbefore 71
CVEListV5mozilla/firefox_esrbefore 68.3

Also affects: Ubuntu Linux 16.04, 18.04, 19.10

🔴Vulnerability Details

5
GHSA
GHSA-p5rh-pvj2-8vfv: The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized ar2022-05-24
OSV
thunderbird vulnerabilities2020-04-21
OSV
thunderbird vulnerabilities2020-01-16
OSV
CVE-2019-17005: The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized ar2020-01-08
CVEList
CVE-2019-17005: The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized ar2020-01-08

📋Vendor Advisories

6
Ubuntu
Thunderbird vulnerabilities2020-04-21
Ubuntu
Thunderbird vulnerabilities2020-01-16
Ubuntu
Firefox vulnerabilities2019-12-13
Ubuntu
Firefox vulnerabilities2019-12-09
Red Hat
Mozilla: Buffer overflow in plain text serializer2019-12-03

💬Community

1
Bugzilla
CVE-2019-17005 Mozilla: Buffer overflow in plain text serializer2019-12-04
CVE-2019-17005 — Out-of-bounds Write in Mozilla Firefox | cvebase