Lucene search

K
ibmIBM60B024799A8BCB67F8D6647F008C565B9B661B63D8F52FC6E04A3528CF8B6B3D
HistoryAug 08, 2019 - 9:37 a.m.

Security Bulletin: Synthetic Playback Agent 8.1.x is affected by multiple vulnerabilities

2019-08-0809:37:13
www.ibm.com
29

EPSS

0.536

Percentile

97.7%

Summary

Synthetic Playback Agent has addressed the following vulnerabilities:

CVE-2019-9816
CVE-2019-9817
CVE-2019-9819
CVE-2019-9820
CVE-2019-11691
CVE-2019-11692
CVE-2019-11693
CVE-2019-7317

Vulnerability Details

CVEID: CVE-2019-11692

**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free when listeners are removed from the event listener manager while still in use. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service.

CVSS Base Score: 6.5

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161344 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-11691

**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free when working with XMLHttpRequest (XHR) in an event loop. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service.

CVSS Base Score: 6.5

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161343 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-9819

**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a JavaScript compartment mismatch can while working with the fetch API. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service.

CVSS Base Score: 6.5

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161340 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-9816

**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion when manipulating JavaScript objects in object groups. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVSS Base Score: 8.8

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161338 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-9817

**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to obtain sensitive information. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using canvas to steal image data from a different site.

CVSS Base Score: 6.5

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161339 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID: CVE-2019-9820

**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in the chrome event handler. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service.

CVSS Base Score: 6.5

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161341 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-7317

**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in the png_image_free function in the libpng library. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service.

CVSS Base Score: 6.5

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161346 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-7317

**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in the png_image_free function in the libpng library. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service.

CVSS Base Score: 6.5

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161346 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-7317

**DESCRIPTION:**libpng is vulnerable to a denial of service, caused by a use-after-free in png_image_free in png.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.

CVSS Base Score: 3.3

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/156548 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-7317

**DESCRIPTION:**libpng is vulnerable to a denial of service, caused by a use-after-free in png_image_free in png.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.

CVSS Base Score: 3.3

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/156548 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-11693

**DESCRIPTION:**Mozilla Firefox is vulnerable to a denial of service, caused by a buffer overflow in the bufferdata function in WebGL. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service.

CVSS Base Score: 6.5

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161345 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Product

|

Affected Versions

—|—

Synthetic Playback Agent

|

8.1.4 - 8.1.4 IF07

Remediation/Fixes

Product

|

VRMF

|

APAR

|

Remediation / First Fix

—|—|—|—

Synthetic Playback Agent

|

8.1.4 IF08

|

| 8.1.4.0-IBM-APM-SYNTHETIC-PLAYBACK-AGENT-IF0008

Workarounds and Mitigations

None