CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
96.4%
USN-3918-1 fixed vulnerabilities in Firefox. The update caused web
compatibility and performance issues with some websites. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, denial of service via successive FTP authorization prompts or modal
alerts, trick the user with confusing permission request prompts, obtain
sensitive information, conduct social engineering attacks, or execute
arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790,
CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797,
CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807,
CVE-2019-9808, CVE-2019-9809)
A mechanism was discovered that removes some bounds checking for string,
array, or typed array accesses if Spectre mitigations have been disabled.
If a user were tricked in to opening a specially crafted website with
Spectre mitigations disabled, an attacker could potentially exploit this
to cause a denial of service, or execute arbitrary code. (CVE-2019-9793)
It was discovered that Upgrade-Insecure-Requests was incorrectly enforced
for same-origin navigation. An attacker could potentially exploit this to
conduct machine-in-the-middle (MITM) attacks. (CVE-2019-9803)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 18.10 | noarch | firefox | < 66.0.3+build1-0ubuntu0.18.10.1 | UNKNOWN |
Ubuntu | 18.10 | noarch | firefox-dbg | < 66.0.3+build1-0ubuntu0.18.10.1 | UNKNOWN |
Ubuntu | 18.10 | noarch | firefox-dev | < 66.0.3+build1-0ubuntu0.18.10.1 | UNKNOWN |
Ubuntu | 18.10 | noarch | firefox-globalmenu | < 66.0.3+build1-0ubuntu0.18.10.1 | UNKNOWN |
Ubuntu | 18.10 | noarch | firefox-locale-af | < 66.0.3+build1-0ubuntu0.18.10.1 | UNKNOWN |
Ubuntu | 18.10 | noarch | firefox-locale-an | < 66.0.3+build1-0ubuntu0.18.10.1 | UNKNOWN |
Ubuntu | 18.10 | noarch | firefox-locale-ar | < 66.0.3+build1-0ubuntu0.18.10.1 | UNKNOWN |
Ubuntu | 18.10 | noarch | firefox-locale-as | < 66.0.3+build1-0ubuntu0.18.10.1 | UNKNOWN |
Ubuntu | 18.10 | noarch | firefox-locale-ast | < 66.0.3+build1-0ubuntu0.18.10.1 | UNKNOWN |
Ubuntu | 18.10 | noarch | firefox-locale-az | < 66.0.3+build1-0ubuntu0.18.10.1 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
96.4%