Lucene search

K
debianDebianDEBIAN:DSA-4600-1:3EA74
HistoryJan 09, 2020 - 9:21 a.m.

[SECURITY] [DSA 4600-1] firefox-esr security update

2020-01-0909:21:23
lists.debian.org
85

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.534 Medium

EPSS

Percentile

97.6%


Debian Security Advisory DSA-4600-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
January 09, 2020 https://www.debian.org/security/faq


Package : firefox-esr
CVE ID : CVE-2019-17026 CVE-2019-17024 CVE-2019-17022
CVE-2019-17017 CVE-2019-17016

Multiple security issues have been found in the Mozilla Firefox
web browser, which could potentially result in the execution
of arbitrary code, data exfiltration or cross-site scripting.

For the oldstable distribution (stretch), this problem has been fixed
in version 68.4.1esr-1~deb9u1.

For the stable distribution (buster), this problem has been fixed in
version 68.4.1esr-1~deb10u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.534 Medium

EPSS

Percentile

97.6%