CVE-2019-11729

Public on 2019-07-23
Modified on 2022-12-01
Description

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Severity
Medium
CVSS v3 Base Score
7.5

Affected Packages

| Platform | Package | Release Date | Advisory |
|---|---|---|---|
| Amazon Linux 1 | nspr | 2020-03-16 21:29 | ALAS-2020-1355 |
| Amazon Linux 1 | nss | 2020-03-16 21:29 | ALAS-2020-1355 |
| Amazon Linux 2 - Core | nss | 2020-01-14 20:03 | ALAS2-2020-1384 |
| Amazon Linux 1 | nss-softokn | 2020-03-16 21:29 | ALAS-2020-1355 |
| Amazon Linux 2 - Core | nss-softokn | 2020-01-06 23:39 | ALAS2-2020-1379 |
| Amazon Linux 1 | nss-util | 2020-03-16 21:29 | ALAS-2020-1355 |
| Amazon Linux 2 - Core | nss-util | 2024-02-15 03:52 | ALAS2-2024-2470 |

CVSS Scores

| Score Type | Score | Vector |
|---|---|---|
| Amazon Linux CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| NVD CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |