CVE-2019-17023 log

Source
Severity Low
Remote Yes
Type Denial of service
Description
A security issue has been found in the NSS component of Firefox before 72.0. After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.
Group Package Affected Fixed Severity Status Ticket
AVG-1084 firefox 71.0-1 72.0-1 Critical Fixed
Date Advisory Group Package Severity Description
08 Jan 2020 ASA-202001-1 AVG-1084 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023
https://bugzilla.mozilla.org/show_bug.cgi?id=1590001