CVE-2019-17025Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds Write7 documents7 sources
Severity
8.8HIGHNVD
EPSS
0.7%
top 27.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxDebian FirefoxCanonical Ubuntu Linux
Timeline
PublishedJan 8
Latest updateMay 24

Description

Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

NVDmozilla/firefox< 72.0
Ubuntumozilla/firefox< 72.0.1+build1-0ubuntu0.16.04.1+2
CVEListV5mozilla/firefoxbefore 72
mozillamozilla/firefox
debiandebian/firefox< firefox 72.0-1 (sid)

Also affects: Ubuntu Linux 16.04, 18.04, 19.04, 19.10

🔴Vulnerability Details

2
GHSA
GHSA-pmcc-4v53-j538: Mozilla developers reported memory safety bugs present in Firefox 712022-05-24
OSV
CVE-2019-17025: Mozilla developers reported memory safety bugs present in Firefox 712020-01-08

💥Exploits & PoCs

1
Exploit-DB
OpenDocMan 1.3.4 - 'search.php where' SQL Injection2019-03-05

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2020-01-09
Debian
CVE-2019-17025: firefox - Mozilla developers reported memory safety bugs present in Firefox 71. Some of th...2019
Mozilla
Mozilla Foundation Security Advisory 2020-01: CVE-2019-17025