CVE-2019-17017Type Confusion in Mozilla Firefox

CWE-843Type Confusion15 documents9 sources
Severity
8.8HIGHNVD
EPSS
2.6%
top 14.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Mozilla ThunderbirdMozilla FirefoxMozilla Firefox ESR+7 more
Timeline
PublishedJan 8
Latest updateMay 24

Description

Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

NVDmozilla/firefox< 72.0
CVEListV5mozilla/firefoxbefore 72
CVEListV5mozilla/firefox_esrbefore 68.4
Debianmozilla/thunderbird< 1:68.4.1-1+3

Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 16.04, 18.04, 19.04, 19.10, Enterprise Linux 7.7

🔴Vulnerability Details

5
GHSA
GHSA-6m7f-wqg6-qgm2: Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash2022-05-24
OSV
thunderbird vulnerabilities2020-04-21
OSV
thunderbird vulnerabilities2020-01-16
CVEList
CVE-2019-17017: Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash2020-01-08
OSV
CVE-2019-17017: Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash2020-01-08

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2020-04-21
Ubuntu
Thunderbird vulnerabilities2020-01-16
Ubuntu
Firefox vulnerabilities2020-01-09
Red Hat
Mozilla: Type Confusion in XPCVariant.cpp2020-01-07
Debian
CVE-2019-17017: firefox - Due to a missing case handling object types, a type confusion vulnerability coul...2019

💬Community

1
Bugzilla
CVE-2019-17017 Mozilla: Type Confusion in XPCVariant.cpp2020-01-07
CVE-2019-17017 — Type Confusion in Mozilla Firefox | cvebase