CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.009 Low
Percentile: 82.8%

The updated packages fix several bugs and some security issues:

- Sandbox escape through Firefox Sync. (CVE-2019-9812)
- Stored passwords in ‘Saved Logins’ can be copied without master password entry. (CVE-2019-11733)
- Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1. (CVE-2019-11735)
- File manipulation and privilege escalation in Mozilla Maintenance Service. (CVE-2019-11736)
- Content security policy bypass through hash-based sources in directives. (CVE-2019-11738)
- Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9. (CVE-2019-11740)
- Same-origin policy violation with SVG filters and canvas to steal cross-origin images. (CVE-2019-11742)
- Cross-origin access to unload event attributes. (CVE-2019-11743)
- XSS by breaking out of title and textarea elements using innerHTML. (CVE-2019-11744)
- Use-after-free while manipulating video. (CVE-2019-11746)
- ‘Forget about this site’ removes sites from pre-loaded HSTS list. (CVE-2019-11747)
- Persistence of WebRTC permissions in a third party context. (CVE-2019-11748)
- Camera information available without prompting using getUserMedia. (CVE-2019-11749)
- Type confusion in Spidermonkey. (CVE-2019-11750)
- Malicious code execution through command line parameters. (CVE-2019-11751)
- Use-after-free while extracting a key value in IndexedDB. (CVE-2019-11752)
- Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (CVE-2019-11753)

OS | OS version | Architecture | Package | Package version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | firefox | < 68.1.0-1 | firefox-68.1.0-1.mga7 |
Mageia | 7 | noarch | firefox-l10n | < 68.1.0-1 | firefox-l10n-68.1.0-1.mga7 |
Mageia | 7 | noarch | rootcerts | < 20190820.00-1 | rootcerts-20190820.00-1.mga7 |
Mageia | 7 | noarch | nspr | < 4.22-1 | nspr-4.22-1.mga7 |
Mageia | 7 | noarch | nss | < 3.46.0-1 | nss-3.46.0-1.mga7 |
access.redhat.com/errata/RHSA-2019:2663
bugs.mageia.org/show_bug.cgi?id=25359
developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes
groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/RQtSKOF9rM0
hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt
www.mozilla.org/en-US/firefox/68.0.1/releasenotes/
www.mozilla.org/en-US/firefox/68.0.2/releasenotes/
www.mozilla.org/en-US/firefox/68.1.0/releasenotes/
www.mozilla.org/en-US/security/advisories/mfsa2019-24/
www.mozilla.org/en-US/security/advisories/mfsa2019-26/