{"containers": {"cna": {"affected": [{"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"status": "affected", "version": "before 68.4"}]}, {"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "affected", "version": "before 72"}]}], "descriptions": [{"lang": "en", "value": "Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72."}], "problemTypes": [{"descriptions": [{"description": "Type Confusion in XPCVariant.cpp", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-29T02:06:58", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1603055"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-01/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-02/"}, {"name": "20200109 [SECURITY] [DSA 4600-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2020/Jan/12"}, {"name": "[debian-lts-announce] 20200109 [SECURITY] [DLA 2061-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html"}, {"name": "DSA-4600", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4600"}, {"name": "USN-4234-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4234-1/"}, {"name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2020/Jan/18"}, {"name": "RHSA-2020:0085", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0085"}, {"name": "RHSA-2020:0086", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0086"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html"}, {"name": "RHSA-2020:0111", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0111"}, {"name": "openSUSE-SU-2020:0060", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html"}, {"name": "RHSA-2020:0120", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0120"}, {"name": "RHSA-2020:0123", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0123"}, {"name": "RHSA-2020:0127", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0127"}, {"name": "USN-4241-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4241-1/"}, {"name": "DSA-4603", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4603"}, {"name": "20200120 [SECURITY] [DSA 4603-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2020/Jan/26"}, {"name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html"}, {"name": "openSUSE-SU-2020:0094", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html"}, {"name": "RHSA-2020:0292", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0292"}, {"name": "RHSA-2020:0295", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0295"}, {"name": "GLSA-202003-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-02"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4335-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2019-17017", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox ESR", "version": {"version_data": [{"version_value": "before 68.4"}]}}, {"product_name": "Firefox", "version": {"version_data": [{"version_value": "before 72"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Type Confusion in XPCVariant.cpp"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1603055", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1603055"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-01/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2020-01/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-02/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2020-02/"}, {"name": "20200109 [SECURITY] [DSA 4600-1] firefox-esr security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/12"}, {"name": "[debian-lts-announce] 20200109 [SECURITY] [DLA 2061-1] firefox-esr security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html"}, {"name": "DSA-4600", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4600"}, {"name": "USN-4234-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4234-1/"}, {"name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/18"}, {"name": "RHSA-2020:0085", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0085"}, {"name": "RHSA-2020:0086", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0086"}, {"name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html"}, {"name": "RHSA-2020:0111", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0111"}, {"name": "openSUSE-SU-2020:0060", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html"}, {"name": "RHSA-2020:0120", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0120"}, {"name": "RHSA-2020:0123", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0123"}, {"name": "RHSA-2020:0127", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0127"}, {"name": "USN-4241-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4241-1/"}, {"name": "DSA-4603", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4603"}, {"name": "20200120 [SECURITY] [DSA 4603-1] thunderbird security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/26"}, {"name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html"}, {"name": "openSUSE-SU-2020:0094", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html"}, {"name": "RHSA-2020:0292", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0292"}, {"name": "RHSA-2020:0295", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0295"}, {"name": "GLSA-202003-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-02"}, {"name": "USN-4335-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4335-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:24:48.752Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1603055"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-01/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-02/"}, {"name": "20200109 [SECURITY] [DSA 4600-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2020/Jan/12"}, {"name": "[debian-lts-announce] 20200109 [SECURITY] [DLA 2061-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html"}, {"name": "DSA-4600", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4600"}, {"name": "USN-4234-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4234-1/"}, {"name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2020/Jan/18"}, {"name": "RHSA-2020:0085", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0085"}, {"name": "RHSA-2020:0086", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0086"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html"}, {"name": "RHSA-2020:0111", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0111"}, {"name": "openSUSE-SU-2020:0060", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html"}, {"name": "RHSA-2020:0120", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0120"}, {"name": "RHSA-2020:0123", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0123"}, {"name": "RHSA-2020:0127", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0127"}, {"name": "USN-4241-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4241-1/"}, {"name": "DSA-4603", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4603"}, {"name": "20200120 [SECURITY] [DSA 4603-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2020/Jan/26"}, {"name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html"}, {"name": "openSUSE-SU-2020:0094", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html"}, {"name": "RHSA-2020:0292", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0292"}, {"name": "RHSA-2020:0295", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0295"}, {"name": "GLSA-202003-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-02"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4335-1/"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2019-17017", "datePublished": "2020-01-08T21:27:36", "dateReserved": "2019-09-30T00:00:00", "dateUpdated": "2024-08-05T01:24:48.752Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "1398139B-C837-4BF4-8555-5D722B91F646", "versionEndExcluding": "72.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACE15104-6EDD-46EA-9596-28FEB99B563F", "versionEndExcluding": "68.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72."}, {"lang": "es", "value": "Debido a una falta de tipos de objetos del manejo de casos, podr\u00eda ocurrir una vulnerabilidad de confusi\u00f3n de tipos, resultando en un bloqueo. Suponemos que con el esfuerzo suficiente podr\u00eda ser explotado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a la versi\u00f3n 68.4 y Firefox versiones anteriores a la versi\u00f3n 72."}], "id": "CVE-2019-17017", "lastModified": "2024-11-21T04:31:33.150", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-08T22:15:12.357", "references": [{"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html"}, {"source": "security@mozilla.org", "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0085"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0086"}, {"source": "security@mozilla.org", "url": "https://access.redhat.com/errata/RHSA-2020:0111"}, {"source": "security@mozilla.org", "url": "https://access.redhat.com/errata/RHSA-2020:0120"}, {"source": "security@mozilla.org", "url": "https://access.redhat.com/errata/RHSA-2020:0123"}, {"source": "security@mozilla.org", "url": "https://access.redhat.com/errata/RHSA-2020:0127"}, {"source": "security@mozilla.org", "url": "https://access.redhat.com/errata/RHSA-2020:0292"}, {"source": "security@mozilla.org", "url": "https://access.redhat.com/errata/RHSA-2020:0295"}, {"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1603055"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html"}, {"source": "security@mozilla.org", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2020/Jan/12"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://seclists.org/bugtraq/2020/Jan/18"}, {"source": "security@mozilla.org", "url": "https://seclists.org/bugtraq/2020/Jan/26"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/202003-02"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4234-1/"}, {"source": "security@mozilla.org", "url": "https://usn.ubuntu.com/4241-1/"}, {"source": "security@mozilla.org", "url": "https://usn.ubuntu.com/4335-1/"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4600"}, {"source": "security@mozilla.org", "url": "https://www.debian.org/security/2020/dsa-4603"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-01/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-02/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0085"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0086"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2020:0111"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2020:0120"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2020:0123"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2020:0127"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2020:0292"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2020:0295"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1603055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2020/Jan/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://seclists.org/bugtraq/2020/Jan/18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2020/Jan/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202003-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4234-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4241-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4335-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4600"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2020/dsa-4603"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-01/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-02/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges bo13oy as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:0086", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:68.4.1-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-01-13T00:00:00Z"}, {"advisory": "RHSA-2020:0123", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:68.4.1-2.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-01-16T00:00:00Z"}, {"advisory": "RHSA-2020:0085", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:68.4.1-1.el7_7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-01-13T00:00:00Z"}, {"advisory": "RHSA-2020:0120", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:68.4.1-2.el7_7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-01-16T00:00:00Z"}, {"advisory": "RHSA-2020:0111", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:68.4.1-1.el8_1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-01-14T00:00:00Z"}, {"advisory": "RHSA-2020:0127", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:68.4.1-2.el8_1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-01-16T00:00:00Z"}, {"advisory": "RHSA-2020:0292", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "thunderbird-0:68.4.1-2.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-01-30T00:00:00Z"}, {"advisory": "RHSA-2020:0295", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "firefox-0:68.4.1-1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-01-30T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Type Confusion in XPCVariant.cpp", "id": "1788724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788724"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-843", "details": ["Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72."], "name": "CVE-2019-17017", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2020-01-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-17017\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17017\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17017"], "threat_severity": "Important", "upstream_fix": "thunderbird 68.4.1, firefox 68.4"}