Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used.
External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729
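The class of check the description refers to, as an added example (not the upstream NSS patch and not code from this bug): a peer P-256 public key is rejected when it is empty, has the wrong length or format byte, or carries an unreduced coordinate, before anything is copied. The names `key_item`, `import_point_checked`, `demo_case` and the return codes are hypothetical, the uncompressed `0x04 || X || Y` encoding is assumed, and the coordinate range check goes slightly beyond what the description states.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define P256_COORD_LEN 32
#define P256_POINT_LEN (1 + 2 * P256_COORD_LEN) /* 0x04 || X || Y */

/* Hypothetical length-tagged buffer holding the peer's encoded public key. */
struct key_item {
    const uint8_t *data;
    size_t len;
};

/* P-256 field prime p, big-endian. */
static const uint8_t P256_P[P256_COORD_LEN] = {
    0xff,0xff,0xff,0xff, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00, 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff
};

/* Returns 0 and fills xy only for a well-formed uncompressed point encoding. */
int import_point_checked(const struct key_item *pub, uint8_t xy[2 * P256_COORD_LEN])
{
    const uint8_t *x, *y;

    if (pub == NULL || pub->data == NULL) return -1; /* empty key */
    if (pub->len != P256_POINT_LEN)       return -2; /* wrong length */
    if (pub->data[0] != 0x04)             return -3; /* not uncompressed form */
    x = pub->data + 1;
    y = x + P256_COORD_LEN;
    /* Equal-length big-endian values compare numerically with memcmp. */
    if (memcmp(x, P256_P, P256_COORD_LEN) >= 0 ||
        memcmp(y, P256_P, P256_COORD_LEN) >= 0)
        return -4;                                   /* coordinate not below p */
    memcpy(xy, x, 2 * P256_COORD_LEN);               /* copy only after all checks */
    return 0;
}

/* Constructed sample input: a len-byte key with the given format byte and fill. */
int demo_case(size_t len, uint8_t format, uint8_t fill)
{
    uint8_t buf[128], xy[2 * P256_COORD_LEN];
    struct key_item pub = { len ? buf : NULL, len };

    if (len > sizeof buf) return -2;
    memset(buf, fill, sizeof buf);
    buf[0] = format;
    return import_point_checked(&pub, xy);
}
```

A point that passes these checks still needs the cryptographic library's on-curve validation before it is used in ECDH.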
Acknowledgments:
Name: the Mozilla project
Upstream: Jonas Allmann
Statement: Firefox on Red Hat Enterprise Linux is built against the system nss library.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:1951 https://access.redhat.com/errata/RHSA-2019:1951
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11729
This vulnerability is out of security support scope for the following product:
* Red Hat Enterprise Application Platform 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
The library nss-altfiles does not share any certificate code with nss.
* nss-altfiles only reads information from files in the same format as /etc/passwd and /etc/group
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:4190 https://access.redhat.com/errata/RHSA-2019:4190
Upstream commit: https://hg.mozilla.org/projects/nss/rev/dabfe1160c682b4d1d19c5a7a13ab3828bb9d37f
Upstream bug (currently private): https://bugzilla.mozilla.org/show_bug.cgi?id=1515342