CVE-2019-17017

{"id": "CVE-2019-17017", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-01-08T22:15:12.357", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html", "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html", "source": "security@mozilla.org"}, {"url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", "source": "security@mozilla.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0085", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0086", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0111", "source": "security@mozilla.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0120", "source": "security@mozilla.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0123", "source": "security@mozilla.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0127", "source": "security@mozilla.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0292", "source": "security@mozilla.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0295", "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1603055", "tags": ["Permissions Required"], "source": "security@mozilla.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html", "source": "security@mozilla.org"}, {"url": "https://seclists.org/bugtraq/2020/Jan/12", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://seclists.org/bugtraq/2020/Jan/18", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://seclists.org/bugtraq/2020/Jan/26", "source": "security@mozilla.org"}, {"url": "https://security.gentoo.org/glsa/202003-02", "source": "security@mozilla.org"}, {"url": "https://usn.ubuntu.com/4234-1/", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://usn.ubuntu.com/4241-1/", "source": "security@mozilla.org"}, {"url": "https://usn.ubuntu.com/4335-1/", "source": "security@mozilla.org"}, {"url": "https://www.debian.org/security/2020/dsa-4600", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.debian.org/security/2020/dsa-4603", "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2020-01/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2020-02/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-843"}]}], "descriptions": [{"lang": "en", "value": "Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72."}, {"lang": "es", "value": "Debido a una falta de tipos de objetos del manejo de casos, podr\u00eda ocurrir una vulnerabilidad de confusi\u00f3n de tipos, resultando en un bloqueo. Suponemos que con el esfuerzo suficiente podr\u00eda ser explotado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a la versi\u00f3n 68.4 y Firefox versiones anteriores a la versi\u00f3n 72."}], "lastModified": "2020-01-13T20:15:12.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1398139B-C837-4BF4-8555-5D722B91F646", "versionEndExcluding": "72.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACE15104-6EDD-46EA-9596-28FEB99B563F", "versionEndExcluding": "68.4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}