9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.173 Low
EPSS
Percentile
96.0%
USN-3918-1 fixed vulnerabilities in Firefox. This update provides the
corresponding updates for Ubuntu 14.04 LTS.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, denial of service via successive FTP authorization prompts or modal
alerts, trick the user with confusing permission request prompts, obtain
sensitive information, conduct social engineering attacks, or execute
arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790,
CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797,
CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807,
CVE-2019-9808, CVE-2019-9809)
A mechanism was discovered that removes some bounds checking for string,
array, or typed array accesses if Spectre mitigations have been disabled.
If a user were tricked in to opening a specially crafted website with
Spectre mitigations disabled, an attacker could potentially exploit this
to cause a denial of service, or execute arbitrary code. (CVE-2019-9793)
It was discovered that Upgrade-Insecure-Requests was incorrectly enforced
for same-origin navigation. An attacker could potentially exploit this to
conduct machine-in-the-middle (MITM) attacks. (CVE-2019-9803)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 14.04 | noarch | firefox | < 66.0.1+build1-0ubuntu0.14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | firefox-dbg | < 66.0.1+build1-0ubuntu0.14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | firefox-dbgsym | < 66.0.1+build1-0ubuntu0.14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | firefox-dev | < 66.0.1+build1-0ubuntu0.14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | firefox-globalmenu | < 66.0.1+build1-0ubuntu0.14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | firefox-locale-af | < 66.0.1+build1-0ubuntu0.14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | firefox-locale-an | < 66.0.1+build1-0ubuntu0.14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | firefox-locale-ar | < 66.0.1+build1-0ubuntu0.14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | firefox-locale-as | < 66.0.1+build1-0ubuntu0.14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | firefox-locale-ast | < 66.0.1+build1-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu.com/security/CVE-2019-9788
ubuntu.com/security/CVE-2019-9789
ubuntu.com/security/CVE-2019-9790
ubuntu.com/security/CVE-2019-9791
ubuntu.com/security/CVE-2019-9792
ubuntu.com/security/CVE-2019-9793
ubuntu.com/security/CVE-2019-9795
ubuntu.com/security/CVE-2019-9796
ubuntu.com/security/CVE-2019-9797
ubuntu.com/security/CVE-2019-9799
ubuntu.com/security/CVE-2019-9802
ubuntu.com/security/CVE-2019-9803
ubuntu.com/security/CVE-2019-9805
ubuntu.com/security/CVE-2019-9806
ubuntu.com/security/CVE-2019-9807
ubuntu.com/security/CVE-2019-9808
ubuntu.com/security/CVE-2019-9809
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.173 Low
EPSS
Percentile
96.0%