CVE-2019-11729

Summary

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 60.8affected
MozillaFirefoxunspecified < 68affected
MozillaThunderbirdunspecified < 60.8affected

Weaknesses

  • Empty or malformed p256-ECDH public keys may trigger a segmentation fault

ADP Enrichment

CVE Program Container

Additional References

References