Unrated severityNVD Advisory· Published Jan 8, 2020· Updated Aug 5, 2024
CVE-2019-17023
CVE-2019-17023
Description
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4< 72+ 1 more
- (no CPE)range: < 72
- (no CPE)range: before 72
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
Patches
Vulnerability mechanics
References
5- usn.ubuntu.com/4234-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4397-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4726mitrevendor-advisoryx_refsource_DEBIAN
- bugzilla.mozilla.org/show_bug.cgimitrex_refsource_MISC
- www.mozilla.org/security/advisories/mfsa2020-01/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.