CVE-2019-11719
23.07.2019, 14:15
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.Enginsight
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 < 60.8.0 |
| mozilla | firefox | 𝑥 < 68.0 |
| mozilla | thunderbird | 𝑥 < 60.8.0 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||
| firefox-esr |
| ||||||||||||
| nss |
| ||||||||||||
| thunderbird |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||||||||||||||||||
| mozjs38 |
| ||||||||||||||||||||||||||||||
| mozjs52 |
| ||||||||||||||||||||||||||||||
| mozjs60 |
| ||||||||||||||||||||||||||||||
| nss |
| ||||||||||||||||||||||||||||||
| thunderbird |
|
Common Weakness Enumeration
References