cve/2019/CVE-2019-11729.md

### [CVE-2019-11729](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729)
![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2060.8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2068%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Empty%20or%20malformed%20p256-ECDH%20public%20keys%20may%20trigger%20a%20segmentation%20fault&color=brighgreen)

### Description

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/revl-ca/scan-docker-image
- https://github.com/vincent-deng/veracode-container-security-finding-parser