CVE-2019-17005

Summary

The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdbefore 68.3affected
MozillaFirefox ESRbefore 68.3affected
MozillaFirefoxbefore 71affected

Weaknesses

  • Buffer overflow in plain text serializer

ADP Enrichment

CVE Program Container

Additional References

References