CVE-2019-11745 (debian_linux, enterprise_linux_server_aus, firefox, firefox_esr, leap, ruggedcom_rox_mx5000_firmware, ruggedcom_rox_rx1400_firmware, ruggedcom_rox_rx1500_firmware, ruggedcom_rox_rx1501_firmware, ruggedcom_rox_rx1510_firmware, ruggedcom_rox_rx1511_firmware, ruggedcom_rox_rx1512_firmware, ruggedcom_rox_rx5000_firmware, thunderbird, ubuntu_linux)

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

View Full Alert

Leave a Reply