CVE-2019-17017
published 2020-01-08CVE-2019-17017: Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| centreon | centreon_web | >= 18.10.0 < 18.10.4 | 18.10.4 |
| centreon | centreon_web | >= 2.8 < 2.8.27 | 2.8.27 |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | firefox | < firefox 72.0-1 (sid) | firefox 72.0-1 (sid) |
| debian | firefox-esr | < firefox 72.0-1 (sid) | firefox 72.0-1 (sid) |
| debian | thunderbird | < firefox 72.0-1 (sid) | firefox 72.0-1 (sid) |
| mozilla | firefox | < 72.0 | 72.0 |
| mozilla | firefox | — | — |
| mozilla | firefox_esr | < 68.4 | 68.4 |
| mozilla | thunderbird | >= 0 < 1:68.4.1-1 | 1:68.4.1-1 |
| mozilla | thunderbird | >= 0 < 1:68.4.1-1 | 1:68.4.1-1 |
| mozilla | thunderbird | >= 0 < 1:68.4.1-1 | 1:68.4.1-1 |
| mozilla | thunderbird | >= 0 < 1:68.4.1-1 | 1:68.4.1-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0+build1-0ubuntu0.16.04.2 | 1:68.7.0+build1-0ubuntu0.16.04.2 |
| mozilla | thunderbird | >= 0 < 1:68.4.1+build1-0ubuntu0.18.04.1 | 1:68.4.1+build1-0ubuntu0.18.04.1 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH