UbuntuUSN-3918-3Firefox regression
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.173 Low
EPSS
Percentile
96.0%
Releases
- Ubuntu 18.10
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- firefox - Mozilla Open Source web browser
Details
USN-3918-1 fixed vulnerabilities in Firefox. The update caused web
compatibility issues with some websites. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, denial of service via successive FTP authorization prompts or modal
alerts, trick the user with confusing permission request prompts, obtain
sensitive information, conduct social engineering attacks, or execute
arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790,
CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797,
CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807,
CVE-2019-9808, CVE-2019-9809)
A mechanism was discovered that removes some bounds checking for string,
array, or typed array accesses if Spectre mitigations have been disabled.
If a user were tricked in to opening a specially crafted website with
Spectre mitigations disabled, an attacker could potentially exploit this
to cause a denial of service, or execute arbitrary code. (CVE-2019-9793)
It was discovered that Upgrade-Insecure-Requests was incorrectly enforced
for same-origin navigation. An attacker could potentially exploit this to
conduct machine-in-the-middle (MITM) attacks. (CVE-2019-9803)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 18.10 | noarch | firefox | < 66.0.2+build1-0ubuntu0.18.10.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | firefox-dbg | < 66.0.2+build1-0ubuntu0.18.10.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | firefox-dev | < 66.0.2+build1-0ubuntu0.18.10.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | firefox-globalmenu | < 66.0.2+build1-0ubuntu0.18.10.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | firefox-locale-af | < 66.0.2+build1-0ubuntu0.18.10.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | firefox-locale-an | < 66.0.2+build1-0ubuntu0.18.10.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | firefox-locale-ar | < 66.0.2+build1-0ubuntu0.18.10.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | firefox-locale-as | < 66.0.2+build1-0ubuntu0.18.10.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | firefox-locale-ast | < 66.0.2+build1-0ubuntu0.18.10.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | firefox-locale-az | < 66.0.2+build1-0ubuntu0.18.10.1 | UNKNOWN |
References
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.173 Low
EPSS
Percentile
96.0%