Lucene search

K
mageiaGentoo FoundationMGASA-2019-0268
HistorySep 12, 2019 - 10:09 p.m.

Updated firefox packages fix security vulnerabilities

2019-09-1222:09:52
Gentoo Foundation
advisories.mageia.org
18

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.8%

The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. (CVE-2019-9812) Stored passwords in ‘Saved Logins’ can be copied without master password entry. (CVE-2019-11733) Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1. (CVE-2019-11735) File manipulation and privilege escalation in Mozilla Maintenance Service. (CVE-2019-11736) Content security policy bypass through hash-based sources in directives. (CVE-2019-11738) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9. (CVE-2019-11740) Same-origin policy violation with SVG filters and canvas to steal cross-origin images. (CVE-2019-11742) Cross-origin access to unload event attributes. (CVE-2019-11743) XSS by breaking out of title and textarea elements using innerHTML. (CVE-2019-11744) Use-after-free while manipulating video. (CVE-2019-11746) ‘Forget about this site’ removes sites from pre-loaded HSTS list. (CVE-2019-11747) Persistence of WebRTC permissions in a third party context. (CVE-2019-11748) Camera information available without prompting using getUserMedia. (CVE-2019-11749) Type confusion in Spidermonkey. (CVE-2019-11750) Malicious code execution through command line parameters. (CVE-2019-11751) Use-after-free while extracting a key value in IndexedDB. (CVE-2019-11752) Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (CVE-2019-11753)

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.8%