DATABASE RESOURCES PRICING ABOUT US

{"id": "UB:CVE-2019-9818", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2019-9818", "description": "A race condition is present in the crash generation server used to generate\ndata for the crash reporter. This issue can lead to a use-after-free in the\nmain process, resulting in a potentially exploitable crash and a sandbox\nescape. *Note: this vulnerability only affects Windows. Other operating\nsystems are unaffected.*. This vulnerability affects Thunderbird < 60.7,\nFirefox < 67, and Firefox ESR < 60.7.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[tyhicks](<https://launchpad.net/~tyhicks>) | mozjs contains a copy of the SpiderMonkey JavaScript engine \n[chrisccoulson](<https://launchpad.net/~chrisccoulson>) | Windows only bug\n", "published": "2019-07-23T00:00:00", "modified": "2019-07-23T00:00:00", "epss": [{"cve": "CVE-2019-9818", "epss": 0.00262, "percentile": 0.63647, "modified": "2023-12-03"}], "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 5.1}, "severity": "MEDIUM", "exploitabilityScore": 4.9, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.6, "impactScore": 6.0}, "href": "https://ubuntu.com/security/CVE-2019-9818", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9818", "https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9818", "https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9818", "https://nvd.nist.gov/vuln/detail/CVE-2019-9818", "https://launchpad.net/bugs/cve/CVE-2019-9818", "https://security-tracker.debian.org/tracker/CVE-2019-9818"], "cvelist": ["CVE-2019-9818"], "immutableFields": [], "lastseen": "2023-12-05T14:37:01", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-9818"]}, {"type": "altlinux", "idList": ["7D0EAD47B6BEBFF0E2D06F9E2B17C8F8", "FF9405F8F2E42E5DBDA0FF78FB687D36"]}, {"type": "cve", "idList": ["CVE-2019-9818"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-9818"]}, {"type": "freebsd", "idList": ["44B6DFBF-4EF7-4D52-AD52-2B1B05D81272"]}, {"type": "kaspersky", "idList": ["KLA11486", "KLA11487", "KLA11488"]}, {"type": "mageia", "idList": ["MGASA-2019-0190", "MGASA-2019-0191"]}, {"type": "mozilla", "idList": ["MFSA2019-13", "MFSA2019-14", "MFSA2019-15"]}, {"type": "nessus", "idList": ["700727.PRM", "700733.PRM", "700742.PRM", "FREEBSD_PKG_44B6DFBF4EF74D52AD522B1B05D81272.NASL", "MACOS_FIREFOX_60_7_ESR.NASL", "MACOS_FIREFOX_67_0.NASL", "MACOS_THUNDERBIRD_60_7.NASL", "MOZILLA_FIREFOX_60_7_ESR.NASL", "MOZILLA_FIREFOX_67_0.NASL", "MOZILLA_THUNDERBIRD_60_7.NASL", "OPENSUSE-2019-1484.NASL", "OPENSUSE-2019-1534.NASL", "SUSE_SU-2019-1388-1.NASL", "SUSE_SU-2019-1405-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310814895", "OPENVAS:1361412562310814896", "OPENVAS:1361412562310814897", "OPENVAS:1361412562310814898", "OPENVAS:1361412562310815082", "OPENVAS:1361412562310852528", "OPENVAS:1361412562310852552"]}, {"type": "prion", "idList": ["PRION:CVE-2019-9818"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-9818"]}, {"type": "slackware", "idList": ["SSA-2019-141-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1484-1", "OPENSUSE-SU-2019:1534-1", "OPENSUSE-SU-2019:1664-1"]}]}, "score": {"value": 8.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2019-9818"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-9818"]}, {"type": "freebsd", "idList": ["44B6DFBF-4EF7-4D52-AD52-2B1B05D81272"]}, {"type": "kaspersky", "idList": ["KLA11486", "KLA11487", "KLA11488"]}, {"type": "mozilla", "idList": ["MFSA2019-13"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_44B6DFBF4EF74D52AD522B1B05D81272.NASL", "MOZILLA_FIREFOX_60_7_ESR.NASL", "MOZILLA_FIREFOX_67_0.NASL", "MOZILLA_THUNDERBIRD_60_7.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310814895", "OPENVAS:1361412562310814896", "OPENVAS:1361412562310814897", "OPENVAS:1361412562310814898", "OPENVAS:1361412562310815082", "OPENVAS:1361412562310852528", "OPENVAS:1361412562310852552"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-9818"]}, {"type": "slackware", "idList": ["SSA-2019-141-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1484-1", "OPENSUSE-SU-2019:1534-1", "OPENSUSE-SU-2019:1664-1"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-9818", "epss": 0.00226, "percentile": 0.5936, "modified": "2023-05-07"}], "vulnersScore": 8.7}, "_state": {"dependencies": 1701787292, "score": 1701789691, "epss": 0}, "_internal": {"score_hash": "bab8b2a8581cdd717d4d34bbdf26367c"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "mozjs52"}, {"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "mozjs52"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "mozjs52"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "mozjs38"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "mozjs60"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "67.0", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "firefox"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "60.7", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "thunderbird"}], "bugs": []}

{"debiancve": [{"lastseen": "2023-12-03T18:25:27", "description": "A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-07-23T14:15:00", "type": "debiancve", "title": "CVE-2019-9818", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9818"], "modified": "2019-07-23T14:15:00", "id": "DEBIANCVE:CVE-2019-9818", "href": "https://security-tracker.debian.org/tracker/CVE-2019-9818", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-03T15:53:14", "description": "A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-07-23T14:15:00", "type": "cve", "title": "CVE-2019-9818", "cwe": ["CWE-362", "CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9818"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2019-9818", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9818", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "prion": [{"lastseen": "2023-11-22T02:23:22", "description": "A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-07-23T14:15:00", "type": "prion", "title": "Race condition", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9818"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2019-9818", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2019-9818", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2023-12-04T11:46:51", "description": "A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-04-05T05:18:20", "type": "redhatcve", "title": "CVE-2019-9818", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9818"], "modified": "2023-04-06T06:32:23", "id": "RH:CVE-2019-9818", "href": "https://access.redhat.com/security/cve/cve-2019-9818", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "alpinelinux": [{"lastseen": "2023-12-03T16:03:12", "description": "A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-07-23T14:15:00", "type": "alpinelinux", "title": "CVE-2019-9818", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9818"], "modified": "2021-07-21T11:39:00", "id": "ALPINE:CVE-2019-9818", "href": "https://security.alpinelinux.org/vuln/CVE-2019-9818", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-11-21T15:56:03", "description": "This update for MozillaFirefox fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11691: Use-after-free in XMLHttpRequest\n\nCVE-2019-11692: Use-after-free removing listeners in the event listener manager\n\nCVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n\nCVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox\n\nCVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n\nCVE-2019-7317: Use-after-free in png_image_free of libpng library\n\nCVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n\nCVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS\n\nCVE-2019-9816: Type confusion with object groups and UnboxedObjects\n\nCVE-2019-9817: Stealing of cross-domain images using canvas\n\nCVE-2019-9818: Use-after-free in crash generation server\n\nCVE-2019-9819: Compartment mismatch with fetch API\n\nCVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n\nNon-security issues fixed: Font and date adjustments to accommodate the new Reiwa era in Japan\n\nUpdate to Firefox ESR 60.7 (bsc#1135824)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-03T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:1388-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-7317", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillafirefox", "p-cpe:/a:novell:suse_linux:mozillafirefox-debuginfo", "p-cpe:/a:novell:suse_linux:mozillafirefox-debugsource", "p-cpe:/a:novell:suse_linux:mozillafirefox-devel", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1388-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125672", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1388-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125672);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11694\",\n \"CVE-2019-11698\",\n \"CVE-2019-7317\",\n \"CVE-2019-9800\",\n \"CVE-2019-9815\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9818\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:1388-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for MozillaFirefox fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11691: Use-after-free in XMLHttpRequest\n\nCVE-2019-11692: Use-after-free removing listeners in the event\nlistener manager\n\nCVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n\nCVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox\n\nCVE-2019-11698: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks\n\nCVE-2019-7317: Use-after-free in png_image_free of libpng library\n\nCVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR\n60.7\n\nCVE-2019-9815: Disable hyperthreading on content JavaScript threads on\nmacOS\n\nCVE-2019-9816: Type confusion with object groups and UnboxedObjects\n\nCVE-2019-9817: Stealing of cross-domain images using canvas\n\nCVE-2019-9818: Use-after-free in crash generation server\n\nCVE-2019-9819: Compartment mismatch with fetch API\n\nCVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n\nNon-security issues fixed: Font and date adjustments to accommodate\nthe new Reiwa era in Japan\n\nUpdate to Firefox ESR 60.7 (bsc#1135824)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135824\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11691/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11692/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11693/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11694/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11698/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7317/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9800/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9816/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9817/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9818/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9819/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9820/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191388-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d9c97066\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-1388=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-1388=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-1388=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-1388=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-1388=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-1388=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-1388=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-1388=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-1388=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-1388=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2019-1388=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-1388=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-1388=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-1388=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debugsource-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-devel-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-translations-common-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-debuginfo-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-debugsource-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-translations-common-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debuginfo-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debugsource-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-devel-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-translations-common-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-debuginfo-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-debugsource-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-translations-common-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-debuginfo-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-debugsource-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-devel-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-translations-common-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"MozillaFirefox-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-common-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"MozillaFirefox-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-60.7.0-109.72.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-common-60.7.0-109.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T15:59:07", "description": "This update for MozillaFirefox fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11691: Use-after-free in XMLHttpRequest\n\nCVE-2019-11692: Use-after-free removing listeners in the event listener manager\n\nCVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n\nCVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox\n\nCVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n\nCVE-2019-7317: Use-after-free in png_image_free of libpng library\n\nCVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n\nCVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS\n\nCVE-2019-9816: Type confusion with object groups and UnboxedObjects\n\nCVE-2019-9817: Stealing of cross-domain images using canvas\n\nCVE-2019-9818: Use-after-free in crash generation server\n\nCVE-2019-9819: Compartment mismatch with fetch API\n\nCVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n\nNon-security issues fixed: Font and date adjustments to accommodate the new Reiwa era in Japan\n\nUpdate to Firefox ESR 60.7 (bsc#1135824)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-04T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:1405-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-7317", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillafirefox", "p-cpe:/a:novell:suse_linux:mozillafirefox-branding-upstream", "p-cpe:/a:novell:suse_linux:mozillafirefox-buildsymbols", "p-cpe:/a:novell:suse_linux:mozillafirefox-debuginfo", "p-cpe:/a:novell:suse_linux:mozillafirefox-debugsource", "p-cpe:/a:novell:suse_linux:mozillafirefox-devel", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-other", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-1405-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125702", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1405-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125702);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11694\",\n \"CVE-2019-11698\",\n \"CVE-2019-7317\",\n \"CVE-2019-9800\",\n \"CVE-2019-9815\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9818\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:1405-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for MozillaFirefox fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11691: Use-after-free in XMLHttpRequest\n\nCVE-2019-11692: Use-after-free removing listeners in the event\nlistener manager\n\nCVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n\nCVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox\n\nCVE-2019-11698: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks\n\nCVE-2019-7317: Use-after-free in png_image_free of libpng library\n\nCVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR\n60.7\n\nCVE-2019-9815: Disable hyperthreading on content JavaScript threads on\nmacOS\n\nCVE-2019-9816: Type confusion with object groups and UnboxedObjects\n\nCVE-2019-9817: Stealing of cross-domain images using canvas\n\nCVE-2019-9818: Use-after-free in crash generation server\n\nCVE-2019-9819: Compartment mismatch with fetch API\n\nCVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n\nNon-security issues fixed: Font and date adjustments to accommodate\nthe new Reiwa era in Japan\n\nUpdate to Firefox ESR 60.7 (bsc#1135824)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135824\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11691/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11692/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11693/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11694/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11698/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7317/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9800/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9816/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9817/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9818/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9819/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9820/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191405-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eb1fa270\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1405=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-1405=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1405=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2019-1405=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-buildsymbols-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-devel-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"MozillaFirefox-devel-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-branding-upstream-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-debugsource-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-translations-common-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-translations-other-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"MozillaFirefox-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"MozillaFirefox-branding-upstream-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"MozillaFirefox-debuginfo-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"MozillaFirefox-debugsource-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"MozillaFirefox-devel-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"MozillaFirefox-translations-common-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"MozillaFirefox-translations-other-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-buildsymbols-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-devel-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"MozillaFirefox-devel-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-branding-upstream-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-debugsource-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-translations-common-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-translations-other-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"MozillaFirefox-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"MozillaFirefox-branding-upstream-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"MozillaFirefox-debuginfo-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"MozillaFirefox-debugsource-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"MozillaFirefox-devel-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"MozillaFirefox-translations-common-60.7.0-3.40.6\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"MozillaFirefox-translations-other-60.7.0-3.40.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T16:00:09", "description": "This update for MozillaThunderbird fixes the following issues :\n\nMozilla Thunderbird was updated to 60.7.0\n\n - Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut\n\nSecurity issues fixed (MFSA 2019-15 boo#1135824) :\n\n - CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext\n\n - CVE-2019-11691: Use-after-free in XMLHttpRequest\n\n - CVE-2019-11692: Use-after-free removing listeners in the event listener manager\n\n - CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n\n - CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in Windows sandbox\n\n - CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n\n - CVE-2019-5798: Out-of-bounds read in Skia\n\n - CVE-2019-7317: Use-after-free in png_image_free of libpng library\n\n - CVE-2019-9797: Cross-origin theft of images with createImageBitmap\n\n - CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n\n - CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS\n\n - CVE-2019-9816: Type confusion with object groups and UnboxedObjects\n\n - CVE-2019-9817: Stealing of cross-domain images using canvas\n\n - CVE-2019-9818: Use-after-free in crash generation server\n\n - CVE-2019-9819: Compartment mismatch with fetch API\n\n - CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n\n - Disable LTO (boo#1133267).\n\n - Add patch to fix build using rust-1.33: (boo#1130694)", "cvss3": {}, "published": "2019-06-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1484)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillathunderbird", "p-cpe:/a:novell:opensuse:mozillathunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo", "p-cpe:/a:novell:opensuse:mozillathunderbird-debugsource", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-1484.NASL", "href": "https://www.tenable.com/plugins/nessus/125669", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1484.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125669);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11694\",\n \"CVE-2019-11698\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9815\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9818\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1484)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for MozillaThunderbird fixes the following issues :\n\nMozilla Thunderbird was updated to 60.7.0\n\n - Attachment pane of Write window no longer focussed when\n attaching files using a keyboard shortcut\n\nSecurity issues fixed (MFSA 2019-15 boo#1135824) :\n\n - CVE-2018-18511: Cross-origin theft of images with\n ImageBitmapRenderingContext\n\n - CVE-2019-11691: Use-after-free in XMLHttpRequest\n\n - CVE-2019-11692: Use-after-free removing listeners in the\n event listener manager\n\n - CVE-2019-11693: Buffer overflow in WebGL bufferdata on\n Linux\n\n - CVE-2019-11694: (Windows only) Uninitialized memory\n memory leakage in Windows sandbox\n\n - CVE-2019-11698: Theft of user history data through drag\n and drop of hyperlinks to and from bookmarks\n\n - CVE-2019-5798: Out-of-bounds read in Skia\n\n - CVE-2019-7317: Use-after-free in png_image_free of\n libpng library\n\n - CVE-2019-9797: Cross-origin theft of images with\n createImageBitmap\n\n - CVE-2019-9800: Memory safety bugs fixed in Firefox 67\n and Firefox ESR 60.7\n\n - CVE-2019-9815: Disable hyperthreading on content\n JavaScript threads on macOS\n\n - CVE-2019-9816: Type confusion with object groups and\n UnboxedObjects\n\n - CVE-2019-9817: Stealing of cross-domain images using\n canvas\n\n - CVE-2019-9818: Use-after-free in crash generation server\n\n - CVE-2019-9819: Compartment mismatch with fetch API\n\n - CVE-2019-9820: Use-after-free of ChromeEventHandler by\n DocShell\n\n - Disable LTO (boo#1133267).\n\n - Add patch to fix build using rust-1.33: (boo#1130694)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135824\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaThunderbird packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"MozillaThunderbird-60.7.0-92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"MozillaThunderbird-buildsymbols-60.7.0-92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"MozillaThunderbird-debuginfo-60.7.0-92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"MozillaThunderbird-debugsource-60.7.0-92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"MozillaThunderbird-translations-common-60.7.0-92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"MozillaThunderbird-translations-other-60.7.0-92.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird / MozillaThunderbird-buildsymbols / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-23T02:32:26", "description": "The version of Thunderbird installed on the remote Windows host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-15 advisory.\n\n - If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change.\n (CVE-2019-9815)\n\n - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.\n (CVE-2019-9816)\n\n - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. (CVE-2019-9817)\n\n - A race condition is present in the crash generation server used to generate data for the crash reporter.\n This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected.\n (CVE-2019-9818)\n\n - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash.\n (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash.\n (CVE-2019-9820)\n\n - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.\n (CVE-2019-11692)\n\n - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. (CVE-2019-11693)\n\n - A use-after-free vulnerability was discovered in the pngimagefree function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed. (CVE-2019-7317)\n\n - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. (CVE-2019-9797)\n\n - Cross-origin images can be read from a canvas element in violation of the same- origin policy using the transferFromImageBitmap method.\n (CVE-2018-18511)\n\n - A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows.\n Other operating systems are unaffected. (CVE-2019-11694)\n\n - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. (CVE-2019-11698)\n\n - An out-of-bounds read can occur in the Skia library during path transformations. This could result in the exposure of data stored in memory. (CVE-2019-5798)\n\n - Mozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\n (CVE-2019-9800)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-05-23T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 60.7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698"], "modified": "2019-10-30T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_60_7.NASL", "href": "https://www.tenable.com/plugins/nessus/125359", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2019-15.\n# The text itself is copyright (C) Mozilla Foundation.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125359);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/30 13:24:47\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9815\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9818\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11694\",\n \"CVE-2019-11698\"\n );\n script_bugtraq_id(\n 107009,\n 107363,\n 107486,\n 108098,\n 108418\n );\n script_xref(name:\"MFSA\", value:\"2019-15\");\n\n script_name(english:\"Mozilla Thunderbird < 60.7\");\n script_summary(english:\"Checks the version of Thunderbird.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote Windows host is\nprior to 60.7. It is, therefore, affected by multiple vulnerabilities\nas referenced in the mfsa2019-15 advisory.\n\n - If hyperthreading is not disabled, a timing attack\n vulnerability exists, similar to previous Spectre\n attacks. Apple has shipped macOS 10.14.5 with an option\n to disable hyperthreading in applications running\n untrusted code in a thread through a new sysctl. Firefox\n now makes use of it on the main thread and any worker\n threads. Note: users need to update to macOS 10.14.5\n in order to take advantage of this change.\n (CVE-2019-9815)\n\n - A possible vulnerability exists where type confusion can\n occur when manipulating JavaScript objects in object\n groups, allowing for the bypassing of security checks\n within these groups. Note: this vulnerability has\n only been demonstrated with UnboxedObjects,\n which are disabled by default on all supported releases.\n (CVE-2019-9816)\n\n - Images from a different domain can be read using a\n canvas object in some circumstances. This could be used\n to steal image data from a different site in violation\n of same-origin policy. (CVE-2019-9817)\n\n - A race condition is present in the crash generation\n server used to generate data for the crash reporter.\n This issue can lead to a use-after-free in the main\n process, resulting in a potentially exploitable crash\n and a sandbox escape. Note: this vulnerability only\n affects Windows. Other operating systems are unaffected.\n (CVE-2019-9818)\n\n - A vulnerability where a JavaScript compartment mismatch\n can occur while working with the fetch API,\n resulting in a potentially exploitable crash.\n (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome\n event handler when it is freed while still in use. This\n results in a potentially exploitable crash.\n (CVE-2019-9820)\n\n - A use-after-free vulnerability can occur when working\n with XMLHttpRequest (XHR) in an event loop,\n causing the XHR main thread to be called after it has\n been freed. This results in a potentially exploitable\n crash. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners\n are removed from the event listener manager while still\n in use, resulting in a potentially exploitable crash.\n (CVE-2019-11692)\n\n - The bufferdata function in WebGL is\n vulnerable to a buffer overflow with specific graphics\n drivers on Linux. This could result in malicious content\n freezing a tab or triggering a potentially exploitable\n crash. Note: this issue only occurs on Linux. Other\n operating systems are unaffected. (CVE-2019-11693)\n\n - A use-after-free vulnerability was discovered in the\n pngimagefree function in the libpng\n library. This could lead to denial of service or a\n potentially exploitable crash when a malformed image is\n processed. (CVE-2019-7317)\n\n - Cross-origin images can be read in violation of the\n same-origin policy by exporting an image after using\n createImageBitmap to read the image and\n then rendering the resulting bitmap image within a\n canvas element. (CVE-2019-9797)\n\n - Cross-origin images can be read from a\n canvas element in violation of the same-\n origin policy using the\n transferFromImageBitmap method.\n (CVE-2018-18511)\n\n - A vulnerability exists in the Windows sandbox where an\n uninitialized value in memory can be leaked to a\n renderer from a broker when making a call to access an\n otherwise unavailable file. This results in the\n potential leaking of information stored at that memory\n location. Note: this issue only occurs on Windows.\n Other operating systems are unaffected. (CVE-2019-11694)\n\n - If a crafted hyperlink is dragged and dropped to the\n bookmark bar or sidebar and the resulting bookmark is\n subsequently dragged and dropped into the web content\n area, an arbitrary query of a user's browser history can\n be run and transmitted to the content page via\n drop event data. This allows for the theft\n of browser history by a malicious site. (CVE-2019-11698)\n\n - An out-of-bounds read can occur in the Skia library\n during path transformations. This could result in the\n exposure of data stored in memory. (CVE-2019-5798)\n\n - Mozilla developers and community members Olli Pettay,\n Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga,\n Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald\n Crane, and Ted Campbell reported memory safety bugs\n present in Firefox 66, Firefox ESR 60.6, and Thunderbird\n 60.6. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort that\n some of these could be exploited to run arbitrary code.\n (CVE-2019-9800)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 60.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9820\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'60.7', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-18T14:23:33", "description": "Versions of Mozilla Thunderbird prior to 60.7 are outdated and thus unpatched for the following vulnerabilities :\n\n - If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change. (CVE-2019-9815)\n - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases. (CVE-2019-9816)\n - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. (CVE-2019-9817)\n - A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected. (CVE-2019-9818)\n - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. (CVE-2019-9819)\n - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. (CVE-2019-9820)\n - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. (CVE-2019-11691)\n - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. (CVE-2019-11692)\n - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. (CVE-2019-11693)\n - A use-after-free vulnerability was discovered in the png_image_free function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed. (CVE-2019-7317)\n - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. (CVE-2019-9797)\n - Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. (CVE-2019-18511)\n - A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-11694)\n - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. (CVE-2019-11698)\n - An out-of-bounds read can occur in the Skia library during path transformations. This could result in the exposure of data stored in memory. (CVE-2019-5798)\n - Mozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2019-9800)\n", "cvss3": {}, "published": "2016-05-21T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 60.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-18511", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2019-05-21T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "700742.PRM", "href": "https://www.tenable.com/plugins/nnm/700742", "sourceData": "Binary data 700742.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:11:47", "description": "Versions of Mozilla Firefox ESR earlier than 60.7 are unpatched for the following vulnerabilities:\n\n - If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change. (CVE-2019-9815)\n - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases. (CVE-2019-9816)\n - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. (CVE-2019-9817)\n - A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected. (CVE-2019-9818)\n - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. (CVE-2019-9819)\n - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. (CVE-2019-9820)\n - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. (CVE-2019-11691)\n - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. (CVE-2019-11692)\n - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. (CVE-2019-11693)\n - A use-after-free vulnerability was discovered in the png_image_free function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed. (CVE-2019-7317)\n - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. (CVE-2019-9797)\n - Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. (CVE-2018-18511)\n - A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-11694)\n - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. (CVE-2019-11698)\n - An out-of-bounds read can occur in the Skia library during path transformations. This could result in the exposure of data stored in memory. (CVE-2019-5798)\n - Mozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Firefox 66 and Firefox ESR 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2019-9800)", "cvss3": {}, "published": "2019-05-21T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 60.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2019-11-06T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "700733.PRM", "href": "https://www.tenable.com/plugins/nnm/700733", "sourceData": "Binary data 700733.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-23T02:31:40", "description": "The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-14 advisory.\n\n - If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change.\n (CVE-2019-9815)\n\n - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.\n (CVE-2019-9816)\n\n - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. (CVE-2019-9817)\n\n - A race condition is present in the crash generation server used to generate data for the crash reporter.\n This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected.\n (CVE-2019-9818)\n\n - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash.\n (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash.\n (CVE-2019-9820)\n\n - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.\n (CVE-2019-11692)\n\n - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. (CVE-2019-11693)\n\n - A use-after-free vulnerability was discovered in the pngimagefree function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed. (CVE-2019-7317)\n\n - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. (CVE-2019-9797)\n\n - Cross-origin images can be read from a canvas element in violation of the same- origin policy using the transferFromImageBitmap method.\n (CVE-2018-18511)\n\n - A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows.\n Other operating systems are unaffected. (CVE-2019-11694)\n\n - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. (CVE-2019-11698)\n\n - An out-of-bounds read can occur in the Skia library during path transformations. This could result in the exposure of data stored in memory. (CVE-2019-5798)\n\n - Mozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Firefox 66 and Firefox ESR 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2019-9800)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-05-23T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 60.7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698"], "modified": "2019-10-30T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MACOS_FIREFOX_60_7_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/125362", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2019-14.\n# The text itself is copyright (C) Mozilla Foundation.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125362);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/30 13:24:46\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9815\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9818\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11694\",\n \"CVE-2019-11698\"\n );\n script_bugtraq_id(\n 107009,\n 107363,\n 107486,\n 108098,\n 108418\n );\n script_xref(name:\"MFSA\", value:\"2019-14\");\n\n script_name(english:\"Mozilla Firefox ESR < 60.7\");\n script_summary(english:\"Checks the version of Firefox ESR.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote macOS or Mac OS X\nhost is prior to 60.7. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2019-14 advisory.\n\n - If hyperthreading is not disabled, a timing attack\n vulnerability exists, similar to previous Spectre\n attacks. Apple has shipped macOS 10.14.5 with an option\n to disable hyperthreading in applications running\n untrusted code in a thread through a new sysctl. Firefox\n now makes use of it on the main thread and any worker\n threads. Note: users need to update to macOS 10.14.5\n in order to take advantage of this change.\n (CVE-2019-9815)\n\n - A possible vulnerability exists where type confusion can\n occur when manipulating JavaScript objects in object\n groups, allowing for the bypassing of security checks\n within these groups. Note: this vulnerability has\n only been demonstrated with UnboxedObjects,\n which are disabled by default on all supported releases.\n (CVE-2019-9816)\n\n - Images from a different domain can be read using a\n canvas object in some circumstances. This could be used\n to steal image data from a different site in violation\n of same-origin policy. (CVE-2019-9817)\n\n - A race condition is present in the crash generation\n server used to generate data for the crash reporter.\n This issue can lead to a use-after-free in the main\n process, resulting in a potentially exploitable crash\n and a sandbox escape. Note: this vulnerability only\n affects Windows. Other operating systems are unaffected.\n (CVE-2019-9818)\n\n - A vulnerability where a JavaScript compartment mismatch\n can occur while working with the fetch API,\n resulting in a potentially exploitable crash.\n (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome\n event handler when it is freed while still in use. This\n results in a potentially exploitable crash.\n (CVE-2019-9820)\n\n - A use-after-free vulnerability can occur when working\n with XMLHttpRequest (XHR) in an event loop,\n causing the XHR main thread to be called after it has\n been freed. This results in a potentially exploitable\n crash. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners\n are removed from the event listener manager while still\n in use, resulting in a potentially exploitable crash.\n (CVE-2019-11692)\n\n - The bufferdata function in WebGL is\n vulnerable to a buffer overflow with specific graphics\n drivers on Linux. This could result in malicious content\n freezing a tab or triggering a potentially exploitable\n crash. Note: this issue only occurs on Linux. Other\n operating systems are unaffected. (CVE-2019-11693)\n\n - A use-after-free vulnerability was discovered in the\n pngimagefree function in the libpng\n library. This could lead to denial of service or a\n potentially exploitable crash when a malformed image is\n processed. (CVE-2019-7317)\n\n - Cross-origin images can be read in violation of the\n same-origin policy by exporting an image after using\n createImageBitmap to read the image and\n then rendering the resulting bitmap image within a\n canvas element. (CVE-2019-9797)\n\n - Cross-origin images can be read from a\n canvas element in violation of the same-\n origin policy using the\n transferFromImageBitmap method.\n (CVE-2018-18511)\n\n - A vulnerability exists in the Windows sandbox where an\n uninitialized value in memory can be leaked to a\n renderer from a broker when making a call to access an\n otherwise unavailable file. This results in the\n potential leaking of information stored at that memory\n location. Note: this issue only occurs on Windows.\n Other operating systems are unaffected. (CVE-2019-11694)\n\n - If a crafted hyperlink is dragged and dropped to the\n bookmark bar or sidebar and the resulting bookmark is\n subsequently dragged and dropped into the web content\n area, an arbitrary query of a user's browser history can\n be run and transmitted to the content page via\n drop event data. This allows for the theft\n of browser history by a malicious site. (CVE-2019-11698)\n\n - An out-of-bounds read can occur in the Skia library\n during path transformations. This could result in the\n exposure of data stored in memory. (CVE-2019-5798)\n\n - Mozilla developers and community members Olli Pettay,\n Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga,\n Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald\n Crane, and Ted Campbell reported memory safety bugs\n present in Firefox 66 and Firefox ESR 60.6. Some of\n these bugs showed evidence of memory corruption and we\n presume that with enough effort that some of these could\n be exploited to run arbitrary code. (CVE-2019-9800)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 60.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9820\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Firefox ESR\");\n\nmozilla_check_version(version:version, path:path, product:'firefox', esr:TRUE, fix:'60.7', min:'60.0.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:33:18", "description": "The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-15 advisory.\n\n - If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change.\n (CVE-2019-9815)\n\n - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.\n (CVE-2019-9816)\n\n - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. (CVE-2019-9817)\n\n - A race condition is present in the crash generation server used to generate data for the crash reporter.\n This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected.\n (CVE-2019-9818)\n\n - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash.\n (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash.\n (CVE-2019-9820)\n\n - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.\n (CVE-2019-11692)\n\n - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. (CVE-2019-11693)\n\n - A use-after-free vulnerability was discovered in the pngimagefree function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed. (CVE-2019-7317)\n\n - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. (CVE-2019-9797)\n\n - Cross-origin images can be read from a canvas element in violation of the same- origin policy using the transferFromImageBitmap method.\n (CVE-2018-18511)\n\n - A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows.\n Other operating systems are unaffected. (CVE-2019-11694)\n\n - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. (CVE-2019-11698)\n\n - An out-of-bounds read can occur in the Skia library during path transformations. This could result in the exposure of data stored in memory. (CVE-2019-5798)\n\n - Mozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\n (CVE-2019-9800)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-05-23T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 60.7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698"], "modified": "2019-10-30T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOS_THUNDERBIRD_60_7.NASL", "href": "https://www.tenable.com/plugins/nessus/125358", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2019-15.\n# The text itself is copyright (C) Mozilla Foundation.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125358);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/30 13:24:46\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9815\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9818\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11694\",\n \"CVE-2019-11698\"\n );\n script_bugtraq_id(\n 107009,\n 107363,\n 107486,\n 108098,\n 108418\n );\n script_xref(name:\"MFSA\", value:\"2019-15\");\n\n script_name(english:\"Mozilla Thunderbird < 60.7\");\n script_summary(english:\"Checks the version of Thunderbird.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote macOS or Mac OS X\nhost is prior to 60.7. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2019-15 advisory.\n\n - If hyperthreading is not disabled, a timing attack\n vulnerability exists, similar to previous Spectre\n attacks. Apple has shipped macOS 10.14.5 with an option\n to disable hyperthreading in applications running\n untrusted code in a thread through a new sysctl. Firefox\n now makes use of it on the main thread and any worker\n threads. Note: users need to update to macOS 10.14.5\n in order to take advantage of this change.\n (CVE-2019-9815)\n\n - A possible vulnerability exists where type confusion can\n occur when manipulating JavaScript objects in object\n groups, allowing for the bypassing of security checks\n within these groups. Note: this vulnerability has\n only been demonstrated with UnboxedObjects,\n which are disabled by default on all supported releases.\n (CVE-2019-9816)\n\n - Images from a different domain can be read using a\n canvas object in some circumstances. This could be used\n to steal image data from a different site in violation\n of same-origin policy. (CVE-2019-9817)\n\n - A race condition is present in the crash generation\n server used to generate data for the crash reporter.\n This issue can lead to a use-after-free in the main\n process, resulting in a potentially exploitable crash\n and a sandbox escape. Note: this vulnerability only\n affects Windows. Other operating systems are unaffected.\n (CVE-2019-9818)\n\n - A vulnerability where a JavaScript compartment mismatch\n can occur while working with the fetch API,\n resulting in a potentially exploitable crash.\n (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome\n event handler when it is freed while still in use. This\n results in a potentially exploitable crash.\n (CVE-2019-9820)\n\n - A use-after-free vulnerability can occur when working\n with XMLHttpRequest (XHR) in an event loop,\n causing the XHR main thread to be called after it has\n been freed. This results in a potentially exploitable\n crash. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners\n are removed from the event listener manager while still\n in use, resulting in a potentially exploitable crash.\n (CVE-2019-11692)\n\n - The bufferdata function in WebGL is\n vulnerable to a buffer overflow with specific graphics\n drivers on Linux. This could result in malicious content\n freezing a tab or triggering a potentially exploitable\n crash. Note: this issue only occurs on Linux. Other\n operating systems are unaffected. (CVE-2019-11693)\n\n - A use-after-free vulnerability was discovered in the\n pngimagefree function in the libpng\n library. This could lead to denial of service or a\n potentially exploitable crash when a malformed image is\n processed. (CVE-2019-7317)\n\n - Cross-origin images can be read in violation of the\n same-origin policy by exporting an image after using\n createImageBitmap to read the image and\n then rendering the resulting bitmap image within a\n canvas element. (CVE-2019-9797)\n\n - Cross-origin images can be read from a\n canvas element in violation of the same-\n origin policy using the\n transferFromImageBitmap method.\n (CVE-2018-18511)\n\n - A vulnerability exists in the Windows sandbox where an\n uninitialized value in memory can be leaked to a\n renderer from a broker when making a call to access an\n otherwise unavailable file. This results in the\n potential leaking of information stored at that memory\n location. Note: this issue only occurs on Windows.\n Other operating systems are unaffected. (CVE-2019-11694)\n\n - If a crafted hyperlink is dragged and dropped to the\n bookmark bar or sidebar and the resulting bookmark is\n subsequently dragged and dropped into the web content\n area, an arbitrary query of a user's browser history can\n be run and transmitted to the content page via\n drop event data. This allows for the theft\n of browser history by a malicious site. (CVE-2019-11698)\n\n - An out-of-bounds read can occur in the Skia library\n during path transformations. This could result in the\n exposure of data stored in memory. (CVE-2019-5798)\n\n - Mozilla developers and community members Olli Pettay,\n Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga,\n Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald\n Crane, and Ted Campbell reported memory safety bugs\n present in Firefox 66, Firefox ESR 60.6, and Thunderbird\n 60.6. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort that\n some of these could be exploited to run arbitrary code.\n (CVE-2019-9800)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 60.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9820\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nmozilla_check_version(version:version, path:path, product:'thunderbird', esr:FALSE, fix:'60.7', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:33:19", "description": "The version of Firefox ESR installed on the remote Windows host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-14 advisory.\n\n - If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change.\n (CVE-2019-9815)\n\n - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.\n (CVE-2019-9816)\n\n - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. (CVE-2019-9817)\n\n - A race condition is present in the crash generation server used to generate data for the crash reporter.\n This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected.\n (CVE-2019-9818)\n\n - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash.\n (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash.\n (CVE-2019-9820)\n\n - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.\n (CVE-2019-11692)\n\n - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. (CVE-2019-11693)\n\n - A use-after-free vulnerability was discovered in the pngimagefree function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed. (CVE-2019-7317)\n\n - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. (CVE-2019-9797)\n\n - Cross-origin images can be read from a canvas element in violation of the same- origin policy using the transferFromImageBitmap method.\n (CVE-2018-18511)\n\n - A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows.\n Other operating systems are unaffected. (CVE-2019-11694)\n\n - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. (CVE-2019-11698)\n\n - An out-of-bounds read can occur in the Skia library during path transformations. This could result in the exposure of data stored in memory. (CVE-2019-5798)\n\n - Mozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Firefox 66 and Firefox ESR 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2019-9800)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-05-23T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 60.7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698"], "modified": "2019-10-30T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_60_7_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/125363", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2019-14.\n# The text itself is copyright (C) Mozilla Foundation.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125363);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/30 13:24:47\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9815\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9818\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11694\",\n \"CVE-2019-11698\"\n );\n script_bugtraq_id(\n 107009,\n 107363,\n 107486,\n 108098,\n 108418\n );\n script_xref(name:\"MFSA\", value:\"2019-14\");\n\n script_name(english:\"Mozilla Firefox ESR < 60.7\");\n script_summary(english:\"Checks the version of Firefox ESR.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote Windows host is\nprior to 60.7. It is, therefore, affected by multiple vulnerabilities\nas referenced in the mfsa2019-14 advisory.\n\n - If hyperthreading is not disabled, a timing attack\n vulnerability exists, similar to previous Spectre\n attacks. Apple has shipped macOS 10.14.5 with an option\n to disable hyperthreading in applications running\n untrusted code in a thread through a new sysctl. Firefox\n now makes use of it on the main thread and any worker\n threads. Note: users need to update to macOS 10.14.5\n in order to take advantage of this change.\n (CVE-2019-9815)\n\n - A possible vulnerability exists where type confusion can\n occur when manipulating JavaScript objects in object\n groups, allowing for the bypassing of security checks\n within these groups. Note: this vulnerability has\n only been demonstrated with UnboxedObjects,\n which are disabled by default on all supported releases.\n (CVE-2019-9816)\n\n - Images from a different domain can be read using a\n canvas object in some circumstances. This could be used\n to steal image data from a different site in violation\n of same-origin policy. (CVE-2019-9817)\n\n - A race condition is present in the crash generation\n server used to generate data for the crash reporter.\n This issue can lead to a use-after-free in the main\n process, resulting in a potentially exploitable crash\n and a sandbox escape. Note: this vulnerability only\n affects Windows. Other operating systems are unaffected.\n (CVE-2019-9818)\n\n - A vulnerability where a JavaScript compartment mismatch\n can occur while working with the fetch API,\n resulting in a potentially exploitable crash.\n (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome\n event handler when it is freed while still in use. This\n results in a potentially exploitable crash.\n (CVE-2019-9820)\n\n - A use-after-free vulnerability can occur when working\n with XMLHttpRequest (XHR) in an event loop,\n causing the XHR main thread to be called after it has\n been freed. This results in a potentially exploitable\n crash. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners\n are removed from the event listener manager while still\n in use, resulting in a potentially exploitable crash.\n (CVE-2019-11692)\n\n - The bufferdata function in WebGL is\n vulnerable to a buffer overflow with specific graphics\n drivers on Linux. This could result in malicious content\n freezing a tab or triggering a potentially exploitable\n crash. Note: this issue only occurs on Linux. Other\n operating systems are unaffected. (CVE-2019-11693)\n\n - A use-after-free vulnerability was discovered in the\n pngimagefree function in the libpng\n library. This could lead to denial of service or a\n potentially exploitable crash when a malformed image is\n processed. (CVE-2019-7317)\n\n - Cross-origin images can be read in violation of the\n same-origin policy by exporting an image after using\n createImageBitmap to read the image and\n then rendering the resulting bitmap image within a\n canvas element. (CVE-2019-9797)\n\n - Cross-origin images can be read from a\n canvas element in violation of the same-\n origin policy using the\n transferFromImageBitmap method.\n (CVE-2018-18511)\n\n - A vulnerability exists in the Windows sandbox where an\n uninitialized value in memory can be leaked to a\n renderer from a broker when making a call to access an\n otherwise unavailable file. This results in the\n potential leaking of information stored at that memory\n location. Note: this issue only occurs on Windows.\n Other operating systems are unaffected. (CVE-2019-11694)\n\n - If a crafted hyperlink is dragged and dropped to the\n bookmark bar or sidebar and the resulting bookmark is\n subsequently dragged and dropped into the web content\n area, an arbitrary query of a user's browser history can\n be run and transmitted to the content page via\n drop event data. This allows for the theft\n of browser history by a malicious site. (CVE-2019-11698)\n\n - An out-of-bounds read can occur in the Skia library\n during path transformations. This could result in the\n exposure of data stored in memory. (CVE-2019-5798)\n\n - Mozilla developers and community members Olli Pettay,\n Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga,\n Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald\n Crane, and Ted Campbell reported memory safety bugs\n present in Firefox 66 and Firefox ESR 60.6. Some of\n these bugs showed evidence of memory corruption and we\n presume that with enough effort that some of these could\n be exploited to run arbitrary code. (CVE-2019-9800)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 60.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9820\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'60.7', min:'60.0.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-19T16:00:31", "description": "This update for MozillaFirefox fixes the following issues :\n\nMozillaFirefox was updated to 60.7.0esr (boo#1135824 MFSA 2019-14) :\n\n - CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext\n\n - CVE-2019-11691: Use-after-free in XMLHttpRequest\n\n - CVE-2019-11692: Use-after-free removing listeners in the event listener manager\n\n - CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n\n - CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in Windows sandbox\n\n - CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n\n - CVE-2019-5798: Out-of-bounds read in Skia\n\n - CVE-2019-7317: Use-after-free in png_image_free of libpng library\n\n - CVE-2019-9797: Cross-origin theft of images with createImageBitmap\n\n - CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n\n - CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS\n\n - CVE-2019-9816: Type confusion with object groups and UnboxedObjects\n\n - CVE-2019-9817: Stealing of cross-domain images using canvas\n\n - CVE-2019-9818: (Windows only) Use-after-free in crash generation server\n\n - CVE-2019-9819: Compartment mismatch with fetch API\n\n - CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n\n - CVE-2019-9821: Use-after-free in AssertWorkerThread", "cvss3": {}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-2019-1534)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-9821"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillafirefox", "p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols", "p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo", "p-cpe:/a:novell:opensuse:mozillafirefox-debugsource", "p-cpe:/a:novell:opensuse:mozillafirefox-devel", "p-cpe:/a:novell:opensuse:mozillafirefox-translations-common", "p-cpe:/a:novell:opensuse:mozillafirefox-translations-other", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1534.NASL", "href": "https://www.tenable.com/plugins/nessus/125809", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1534.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125809);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11694\",\n \"CVE-2019-11698\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9815\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9818\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\",\n \"CVE-2019-9821\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-2019-1534)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for MozillaFirefox fixes the following issues :\n\nMozillaFirefox was updated to 60.7.0esr (boo#1135824 MFSA 2019-14) :\n\n - CVE-2018-18511: Cross-origin theft of images with\n ImageBitmapRenderingContext\n\n - CVE-2019-11691: Use-after-free in XMLHttpRequest\n\n - CVE-2019-11692: Use-after-free removing listeners in the\n event listener manager\n\n - CVE-2019-11693: Buffer overflow in WebGL bufferdata on\n Linux\n\n - CVE-2019-11694: (Windows only) Uninitialized memory\n memory leakage in Windows sandbox\n\n - CVE-2019-11698: Theft of user history data through drag\n and drop of hyperlinks to and from bookmarks\n\n - CVE-2019-5798: Out-of-bounds read in Skia\n\n - CVE-2019-7317: Use-after-free in png_image_free of\n libpng library\n\n - CVE-2019-9797: Cross-origin theft of images with\n createImageBitmap\n\n - CVE-2019-9800: Memory safety bugs fixed in Firefox 67\n and Firefox ESR 60.7\n\n - CVE-2019-9815: Disable hyperthreading on content\n JavaScript threads on macOS\n\n - CVE-2019-9816: Type confusion with object groups and\n UnboxedObjects\n\n - CVE-2019-9817: Stealing of cross-domain images using\n canvas\n\n - CVE-2019-9818: (Windows only) Use-after-free in crash\n generation server\n\n - CVE-2019-9819: Compartment mismatch with fetch API\n\n - CVE-2019-9820: Use-after-free of ChromeEventHandler by\n DocShell\n\n - CVE-2019-9821: Use-after-free in AssertWorkerThread\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135824\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaFirefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"MozillaFirefox-60.7.0-lp150.3.54.5\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"MozillaFirefox-debuginfo-60.7.0-lp150.3.54.5\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"MozillaFirefox-debugsource-60.7.0-lp150.3.54.5\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"MozillaFirefox-devel-60.7.0-lp150.3.54.5\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"MozillaFirefox-translations-common-60.7.0-lp150.3.54.5\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"MozillaFirefox-translations-other-60.7.0-lp150.3.54.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-23T02:32:26", "description": "The version of Firefox installed on the remote macOS or Mac OS X host is prior to 67.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-13 advisory.\n\n - If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change.\n (CVE-2019-9815)\n\n - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.\n (CVE-2019-9816)\n\n - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. (CVE-2019-9817)\n\n - A race condition is present in the crash generation server used to generate data for the crash reporter.\n This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected.\n (CVE-2019-9818)\n\n - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash.\n (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash.\n (CVE-2019-9820)\n\n - A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. (CVE-2019-9821)\n\n - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.\n (CVE-2019-11692)\n\n - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. (CVE-2019-11693)\n\n - A use-after-free vulnerability was discovered in the pngimagefree function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed. (CVE-2019-7317)\n\n - A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows.\n Other operating systems are unaffected. (CVE-2019-11694)\n\n - A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface. (CVE-2019-11695)\n\n - Files with the .JNLP extension used for Java web start applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. (CVE-2019-11696)\n\n - If the ALT and a keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension.\n (CVE-2019-11697)\n\n - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. (CVE-2019-11698)\n\n - A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted.\n Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-11700)\n\n - A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks.\n (CVE-2019-11699)\n\n - The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected. (CVE-2019-11701)\n\n - Mozilla developers and community members Christian Holler, Andrei Ciure, Julien Cristau, Jan de Mooij, Jan Varga, Marcia Knous, Andr Bargull, and Philipp reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2019-9814)\n\n - Mozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Firefox 66 and Firefox ESR 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2019-9800)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-05-23T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 67.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7317", "CVE-2019-9800", "CVE-2019-9814", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-9821", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11695", "CVE-2019-11696", "CVE-2019-11697", "CVE-2019-11698", "CVE-2019-11699", "CVE-2019-11700", "CVE-2019-11701"], "modified": "2019-10-30T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOS_FIREFOX_67_0.NASL", "href": "https://www.tenable.com/plugins/nessus/125360", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2019-13.\n# The text itself is copyright (C) Mozilla Foundation.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125360);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/30 13:24:46\");\n\n script_cve_id(\n \"CVE-2019-7317\",\n \"CVE-2019-9800\",\n \"CVE-2019-9814\",\n \"CVE-2019-9815\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9818\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\",\n \"CVE-2019-9821\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11694\",\n \"CVE-2019-11695\",\n \"CVE-2019-11696\",\n \"CVE-2019-11697\",\n \"CVE-2019-11698\",\n \"CVE-2019-11699\",\n \"CVE-2019-11700\",\n \"CVE-2019-11701\"\n );\n script_bugtraq_id(\n 108098,\n 108418,\n 108421\n );\n script_xref(name:\"MFSA\", value:\"2019-13\");\n\n script_name(english:\"Mozilla Firefox < 67.0\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote macOS or Mac OS X host\nis prior to 67.0. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2019-13 advisory.\n\n - If hyperthreading is not disabled, a timing attack\n vulnerability exists, similar to previous Spectre\n attacks. Apple has shipped macOS 10.14.5 with an option\n to disable hyperthreading in applications running\n untrusted code in a thread through a new sysctl. Firefox\n now makes use of it on the main thread and any worker\n threads. Note: users need to update to macOS 10.14.5\n in order to take advantage of this change.\n (CVE-2019-9815)\n\n - A possible vulnerability exists where type confusion can\n occur when manipulating JavaScript objects in object\n groups, allowing for the bypassing of security checks\n within these groups. Note: this vulnerability has\n only been demonstrated with UnboxedObjects,\n which are disabled by default on all supported releases.\n (CVE-2019-9816)\n\n - Images from a different domain can be read using a\n canvas object in some circumstances. This could be used\n to steal image data from a different site in violation\n of same-origin policy. (CVE-2019-9817)\n\n - A race condition is present in the crash generation\n server used to generate data for the crash reporter.\n This issue can lead to a use-after-free in the main\n process, resulting in a potentially exploitable crash\n and a sandbox escape. Note: this vulnerability only\n affects Windows. Other operating systems are unaffected.\n (CVE-2019-9818)\n\n - A vulnerability where a JavaScript compartment mismatch\n can occur while working with the fetch API,\n resulting in a potentially exploitable crash.\n (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome\n event handler when it is freed while still in use. This\n results in a potentially exploitable crash.\n (CVE-2019-9820)\n\n - A use-after-free vulnerability can occur in\n AssertWorkerThread due to a race condition\n with shared workers. This results in a potentially\n exploitable crash. (CVE-2019-9821)\n\n - A use-after-free vulnerability can occur when working\n with XMLHttpRequest (XHR) in an event loop,\n causing the XHR main thread to be called after it has\n been freed. This results in a potentially exploitable\n crash. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners\n are removed from the event listener manager while still\n in use, resulting in a potentially exploitable crash.\n (CVE-2019-11692)\n\n - The bufferdata function in WebGL is\n vulnerable to a buffer overflow with specific graphics\n drivers on Linux. This could result in malicious content\n freezing a tab or triggering a potentially exploitable\n crash. Note: this issue only occurs on Linux. Other\n operating systems are unaffected. (CVE-2019-11693)\n\n - A use-after-free vulnerability was discovered in the\n pngimagefree function in the libpng\n library. This could lead to denial of service or a\n potentially exploitable crash when a malformed image is\n processed. (CVE-2019-7317)\n\n - A vulnerability exists in the Windows sandbox where an\n uninitialized value in memory can be leaked to a\n renderer from a broker when making a call to access an\n otherwise unavailable file. This results in the\n potential leaking of information stored at that memory\n location. Note: this issue only occurs on Windows.\n Other operating systems are unaffected. (CVE-2019-11694)\n\n - A custom cursor defined by scripting on a site can\n position itself over the addressbar to spoof the actual\n cursor when it should not be allowed outside of the\n primary web content area. This could be used by a\n malicious site to trick users into clicking on\n permission prompts, doorhanger notifications, or other\n buttons inadvertently if the location is spoofed over\n the user interface. (CVE-2019-11695)\n\n - Files with the .JNLP extension used for\n Java web start applications are not treated as\n executable content for download prompts even though they\n can be executed if Java is installed on the local\n system. This could allow users to mistakenly launch an\n executable binary locally. (CVE-2019-11696)\n\n - If the ALT and a keys are pressed when\n users receive an extension installation prompt, the\n extension will be installed without the install prompt\n delay that keeps the prompt visible in order for users\n to accept or decline the installation. A malicious web\n page could use this with spoofing on the page to trick\n users into installing a malicious extension.\n (CVE-2019-11697)\n\n - If a crafted hyperlink is dragged and dropped to the\n bookmark bar or sidebar and the resulting bookmark is\n subsequently dragged and dropped into the web content\n area, an arbitrary query of a user's browser history can\n be run and transmitted to the content page via\n drop event data. This allows for the theft\n of browser history by a malicious site. (CVE-2019-11698)\n\n - A hyperlink using the res: protocol can be\n used to open local files at a known location in Internet\n Explorer if a user approves execution when prompted.\n Note: this issue only occurs on Windows. Other\n operating systems are unaffected. (CVE-2019-11700)\n\n - A malicious page can briefly cause the wrong name to be\n highlighted as the domain name in the addressbar during\n page navigations. This could result in user confusion of\n which site is currently loaded for spoofing attacks.\n (CVE-2019-11699)\n\n - The default webcal: protocol handler will\n load a web site vulnerable to cross-site scripting (XSS)\n attacks. This default was left in place as a legacy\n feature and has now been removed. Note: this issue\n only affects users with an account on the vulnerable\n service. Other users are unaffected. (CVE-2019-11701)\n\n - Mozilla developers and community members Christian\n Holler, Andrei Ciure, Julien Cristau, Jan de Mooij, Jan\n Varga, Marcia Knous, Andr Bargull, and Philipp reported\n memory safety bugs present in Firefox 66. Some of these\n bugs showed evidence of memory corruption and we presume\n that with enough effort that some of these could be\n exploited to run arbitrary code. (CVE-2019-9814)\n\n - Mozilla developers and community members Olli Pettay,\n Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga,\n Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald\n Crane, and Ted Campbell reported memory safety bugs\n present in Firefox 66 and Firefox ESR 60.6. Some of\n these bugs showed evidence of memory corruption and we\n presume that with enough effort that some of these could\n be exploited to run arbitrary code. (CVE-2019-9800)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 67.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9820\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (is_esr) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(version:version, path:path, product:'firefox', esr:FALSE, fix:'67.0', xss:TRUE, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:31:39", "description": "The version of Firefox installed on the remote Windows host is prior to 67.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-13 advisory.\n\n - If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change.\n (CVE-2019-9815)\n\n - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.\n (CVE-2019-9816)\n\n - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. (CVE-2019-9817)\n\n - A race condition is present in the crash generation server used to generate data for the crash reporter.\n This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected.\n (CVE-2019-9818)\n\n - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash.\n (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash.\n (CVE-2019-9820)\n\n - A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. (CVE-2019-9821)\n\n - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.\n (CVE-2019-11692)\n\n - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. (CVE-2019-11693)\n\n - A use-after-free vulnerability was discovered in the pngimagefree function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed. (CVE-2019-7317)\n\n - A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows.\n Other operating systems are unaffected. (CVE-2019-11694)\n\n - A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface. (CVE-2019-11695)\n\n - Files with the .JNLP extension used for Java web start applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. (CVE-2019-11696)\n\n - If the ALT and a keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension.\n (CVE-2019-11697)\n\n - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. (CVE-2019-11698)\n\n - A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted.\n Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-11700)\n\n - A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks.\n (CVE-2019-11699)\n\n - The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected. (CVE-2019-11701)\n\n - Mozilla developers and community members Christian Holler, Andrei Ciure, Julien Cristau, Jan de Mooij, Jan Varga, Marcia Knous, Andr Bargull, and Philipp reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2019-9814)\n\n - Mozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Firefox 66 and Firefox ESR 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2019-9800)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-05-23T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 67.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7317", "CVE-2019-9800", "CVE-2019-9814", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-9821", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11695", "CVE-2019-11696", "CVE-2019-11697", "CVE-2019-11698", "CVE-2019-11699", "CVE-2019-11700", "CVE-2019-11701"], "modified": "2019-10-30T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_67_0.NASL", "href": "https://www.tenable.com/plugins/nessus/125361", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2019-13.\n# The text itself is copyright (C) Mozilla Foundation.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125361);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/30 13:24:47\");\n\n script_cve_id(\n \"CVE-2019-7317\",\n \"CVE-2019-9800\",\n \"CVE-2019-9814\",\n \"CVE-2019-9815\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9818\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\",\n \"CVE-2019-9821\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11694\",\n \"CVE-2019-11695\",\n \"CVE-2019-11696\",\n \"CVE-2019-11697\",\n \"CVE-2019-11698\",\n \"CVE-2019-11699\",\n \"CVE-2019-11700\",\n \"CVE-2019-11701\"\n );\n script_bugtraq_id(\n 108098,\n 108418,\n 108421\n );\n script_xref(name:\"MFSA\", value:\"2019-13\");\n\n script_name(english:\"Mozilla Firefox < 67.0\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote Windows host is prior\nto 67.0. It is, therefore, affected by multiple vulnerabilities as\nreferenced in the mfsa2019-13 advisory.\n\n - If hyperthreading is not disabled, a timing attack\n vulnerability exists, similar to previous Spectre\n attacks. Apple has shipped macOS 10.14.5 with an option\n to disable hyperthreading in applications running\n untrusted code in a thread through a new sysctl. Firefox\n now makes use of it on the main thread and any worker\n threads. Note: users need to update to macOS 10.14.5\n in order to take advantage of this change.\n (CVE-2019-9815)\n\n - A possible vulnerability exists where type confusion can\n occur when manipulating JavaScript objects in object\n groups, allowing for the bypassing of security checks\n within these groups. Note: this vulnerability has\n only been demonstrated with UnboxedObjects,\n which are disabled by default on all supported releases.\n (CVE-2019-9816)\n\n - Images from a different domain can be read using a\n canvas object in some circumstances. This could be used\n to steal image data from a different site in violation\n of same-origin policy. (CVE-2019-9817)\n\n - A race condition is present in the crash generation\n server used to generate data for the crash reporter.\n This issue can lead to a use-after-free in the main\n process, resulting in a potentially exploitable crash\n and a sandbox escape. Note: this vulnerability only\n affects Windows. Other operating systems are unaffected.\n (CVE-2019-9818)\n\n - A vulnerability where a JavaScript compartment mismatch\n can occur while working with the fetch API,\n resulting in a potentially exploitable crash.\n (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome\n event handler when it is freed while still in use. This\n results in a potentially exploitable crash.\n (CVE-2019-9820)\n\n - A use-after-free vulnerability can occur in\n AssertWorkerThread due to a race condition\n with shared workers. This results in a potentially\n exploitable crash. (CVE-2019-9821)\n\n - A use-after-free vulnerability can occur when working\n with XMLHttpRequest (XHR) in an event loop,\n causing the XHR main thread to be called after it has\n been freed. This results in a potentially exploitable\n crash. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners\n are removed from the event listener manager while still\n in use, resulting in a potentially exploitable crash.\n (CVE-2019-11692)\n\n - The bufferdata function in WebGL is\n vulnerable to a buffer overflow with specific graphics\n drivers on Linux. This could result in malicious content\n freezing a tab or triggering a potentially exploitable\n crash. Note: this issue only occurs on Linux. Other\n operating systems are unaffected. (CVE-2019-11693)\n\n - A use-after-free vulnerability was discovered in the\n pngimagefree function in the libpng\n library. This could lead to denial of service or a\n potentially exploitable crash when a malformed image is\n processed. (CVE-2019-7317)\n\n - A vulnerability exists in the Windows sandbox where an\n uninitialized value in memory can be leaked to a\n renderer from a broker when making a call to access an\n otherwise unavailable file. This results in the\n potential leaking of information stored at that memory\n location. Note: this issue only occurs on Windows.\n Other operating systems are unaffected. (CVE-2019-11694)\n\n - A custom cursor defined by scripting on a site can\n position itself over the addressbar to spoof the actual\n cursor when it should not be allowed outside of the\n primary web content area. This could be used by a\n malicious site to trick users into clicking on\n permission prompts, doorhanger notifications, or other\n buttons inadvertently if the location is spoofed over\n the user interface. (CVE-2019-11695)\n\n - Files with the .JNLP extension used for\n Java web start applications are not treated as\n executable content for download prompts even though they\n can be executed if Java is installed on the local\n system. This could allow users to mistakenly launch an\n executable binary locally. (CVE-2019-11696)\n\n - If the ALT and a keys are pressed when\n users receive an extension installation prompt, the\n extension will be installed without the install prompt\n delay that keeps the prompt visible in order for users\n to accept or decline the installation. A malicious web\n page could use this with spoofing on the page to trick\n users into installing a malicious extension.\n (CVE-2019-11697)\n\n - If a crafted hyperlink is dragged and dropped to the\n bookmark bar or sidebar and the resulting bookmark is\n subsequently dragged and dropped into the web content\n area, an arbitrary query of a user's browser history can\n be run and transmitted to the content page via\n drop event data. This allows for the theft\n of browser history by a malicious site. (CVE-2019-11698)\n\n - A hyperlink using the res: protocol can be\n used to open local files at a known location in Internet\n Explorer if a user approves execution when prompted.\n Note: this issue only occurs on Windows. Other\n operating systems are unaffected. (CVE-2019-11700)\n\n - A malicious page can briefly cause the wrong name to be\n highlighted as the domain name in the addressbar during\n page navigations. This could result in user confusion of\n which site is currently loaded for spoofing attacks.\n (CVE-2019-11699)\n\n - The default webcal: protocol handler will\n load a web site vulnerable to cross-site scripting (XSS)\n attacks. This default was left in place as a legacy\n feature and has now been removed. Note: this issue\n only affects users with an account on the vulnerable\n service. Other users are unaffected. (CVE-2019-11701)\n\n - Mozilla developers and community members Christian\n Holler, Andrei Ciure, Julien Cristau, Jan de Mooij, Jan\n Varga, Marcia Knous, Andr Bargull, and Philipp reported\n memory safety bugs present in Firefox 66. Some of these\n bugs showed evidence of memory corruption and we presume\n that with enough effort that some of these could be\n exploited to run arbitrary code. (CVE-2019-9814)\n\n - Mozilla developers and community members Olli Pettay,\n Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga,\n Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald\n Crane, and Ted Campbell reported memory safety bugs\n present in Firefox 66 and Firefox ESR 60.6. Some of\n these bugs showed evidence of memory corruption and we\n presume that with enough effort that some of these could\n be exploited to run arbitrary code. (CVE-2019-9800)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 67.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9820\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'67.0', xss:TRUE, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:31:40", "description": "Mozilla Foundation reports :\n\nCVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS\n\nCVE-2019-9816: Type confusion with object groups and UnboxedObjects\n\nCVE-2019-9817: Stealing of cross-domain images using canvas\n\nCVE-2019-9818: Use-after-free in crash generation server\n\nCVE-2019-9819: Compartment mismatch with fetch API\n\nCVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n\nCVE-2019-9821: Use-after-free in AssertWorkerThread\n\nCVE-2019-11691: Use-after-free in XMLHttpRequest\n\nCVE-2019-11692: Use-after-free removing listeners in the event listener manager\n\nCVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n\nCVE-2019-7317: Use-after-free in png_image_free of libpng library\n\nCVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox\n\nCVE-2019-11695: Custom cursor can render over user interface outside of web content\n\nCVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts\n\nCVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions\n\nCVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n\nCVE-2019-11700: res: protocol can be used to open known local files\n\nCVE-2019-11699: Incorrect domain name highlighting during page navigation\n\nCVE-2019-11701: webcal: protocol default handler loads vulnerable web page\n\nCVE-2019-9814: Memory safety bugs fixed in Firefox 67\n\nCVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7", "cvss3": {}, "published": "2019-05-23T00:00:00", "type": "nessus", "title": "FreeBSD : mozilla -- multiple vulnerabilities (44b6dfbf-4ef7-4d52-ad52-2b1b05d81272)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11695", "CVE-2019-11696", "CVE-2019-11697", "CVE-2019-11698", "CVE-2019-11699", "CVE-2019-11700", "CVE-2019-11701", "CVE-2019-7317", "CVE-2019-9800", "CVE-2019-9814", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-9821"], "modified": "2019-07-26T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:firefox-esr", "p-cpe:/a:freebsd:freebsd:libxul", "p-cpe:/a:freebsd:freebsd:linux-firefox", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:thunderbird", "p-cpe:/a:freebsd:freebsd:waterfox", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_44B6DFBF4EF74D52AD522B1B05D81272.NASL", "href": "https://www.tenable.com/plugins/nessus/125346", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125346);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/07/26 16:46:13\");\n\n script_cve_id(\"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11694\", \"CVE-2019-11695\", \"CVE-2019-11696\", \"CVE-2019-11697\", \"CVE-2019-11698\", \"CVE-2019-11699\", \"CVE-2019-11700\", \"CVE-2019-11701\", \"CVE-2019-7317\", \"CVE-2019-9800\", \"CVE-2019-9814\", \"CVE-2019-9815\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9818\", \"CVE-2019-9819\", \"CVE-2019-9820\", \"CVE-2019-9821\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (44b6dfbf-4ef7-4d52-ad52-2b1b05d81272)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Foundation reports :\n\nCVE-2019-9815: Disable hyperthreading on content JavaScript threads on\nmacOS\n\nCVE-2019-9816: Type confusion with object groups and UnboxedObjects\n\nCVE-2019-9817: Stealing of cross-domain images using canvas\n\nCVE-2019-9818: Use-after-free in crash generation server\n\nCVE-2019-9819: Compartment mismatch with fetch API\n\nCVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n\nCVE-2019-9821: Use-after-free in AssertWorkerThread\n\nCVE-2019-11691: Use-after-free in XMLHttpRequest\n\nCVE-2019-11692: Use-after-free removing listeners in the event\nlistener manager\n\nCVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n\nCVE-2019-7317: Use-after-free in png_image_free of libpng library\n\nCVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox\n\nCVE-2019-11695: Custom cursor can render over user interface outside\nof web content\n\nCVE-2019-11696: Java web start .JNLP files are not recognized as\nexecutable files for download prompts\n\nCVE-2019-11697: Pressing key combinations can bypass installation\nprompt delays and install extensions\n\nCVE-2019-11698: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks\n\nCVE-2019-11700: res: protocol can be used to open known local files\n\nCVE-2019-11699: Incorrect domain name highlighting during page\nnavigation\n\nCVE-2019-11701: webcal: protocol default handler loads vulnerable web\npage\n\nCVE-2019-9814: Memory safety bugs fixed in Firefox 67\n\nCVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR\n60.7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/security/advisories/mfsa2019-13/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/security/advisories/mfsa2019-14/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/security/advisories/mfsa2019-15/\"\n );\n # https://vuxml.freebsd.org/freebsd/44b6dfbf-4ef7-4d52-ad52-2b1b05d81272.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?92883668\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxul\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:waterfox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<67.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"waterfox<56.2.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.53.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.53.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox-esr<60.7.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<60.7.0,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxul<60.7.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<60.7.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<60.7.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-25T14:24:27", "description": "The version of Firefox installed on the remote host is prior to 67.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-13 advisory:\n\n - If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. (CVE-2019-9815)\n - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases. (CVE-2019-9816)\n - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. (CVE-2019-9817)\n - A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected. (CVE-2019-9818)\n - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. (CVE-2019-9819)\n - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. (CVE-2019-9820)\n - A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. (CVE-2019-9821)\n - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. (CVE-2019-11691)\n - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. (CVE-2019-11692)\n - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. (CVE-2019-11693)\n - A use-after-free vulnerability was discovered in the png_image_free function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed. (CVE-2019-7317)\n - A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-11694)\n - A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface. (CVE-2019-11695)\n - Files with the .JNLP extension used for 'Java web start' applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. (CVE-2019-11696)\n - If the ALT and 'a' keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. (CVE-2019-11697)\n - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. (CVE-2019-11698)\n - A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-11700)\n - A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. (CVE-2019-11699)\n - The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected. (CVE-2019-11701)\n - Mozilla developers and community members Christian Holler, Andrei Ciure, Julien Cristau, Jan de Mooij, Jan Varga, Marcia Knous, Andre Bargull, and Philipp reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2019-9814)\n - Mozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2019-9800)\n\n Note that NNM has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-05-21T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 67.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11695", "CVE-2019-11696", "CVE-2019-11697", "CVE-2019-11698", "CVE-2019-11699", "CVE-2019-11700", "CVE-2019-11701", "CVE-2019-7317", "CVE-2019-9800", "CVE-2019-9814", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-9821"], "modified": "2019-05-21T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "700727.PRM", "href": "https://www.tenable.com/plugins/nnm/700727", "sourceData": "Binary data 700727.prm", "cvss": {"score": 0.0, "vector": "NONE"}}], "mageia": [{"lastseen": "2023-12-03T17:33:22", "description": "Updated firefox packages fix security vulnerabilities. Cross-origin theft of images with ImageBitmapRenderingContext. (CVE-2018-18511) Out-of-bounds read in Skia. (CVE-2019-5798) Use-after-free in png_image_free of libpng library. (CVE-2019-7317) Cross-origin theft of images with createImageBitmap. (CVE-2019-9797) Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and firefox 60.7. (CVE-2019-9800) Type confusion with object groups and UnboxedObjects. (CVE-2019-9816) Stealing of cross-domain images using canvas. (CVE-2019-9817) Use-after-free in crash generation server. (CVE-2019-9818) Compartment mismatch with fetch API. (CVE-2019-9819) Use-after-free of ChromeEventHandler by DocShell. (CVE-2019-9820) Use-after-free in XMLHttpRequest. (CVE-2019-11691) Use-after-free removing listeners in the event listener manager. (CVE-2019-11692) Buffer overflow in WebGL bufferdata on Linux. (CVE-2019-11693) Theft of user history data through drag and drop of hyperlinks to and from bookmarks. (CVE-2019-11698) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-10T22:17:03", "type": "mageia", "title": "Updated firefox packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2019-06-10T22:17:03", "id": "MGASA-2019-0191", "href": "https://advisories.mageia.org/MGASA-2019-0191.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:33:22", "description": "Updated thunderbird packages fixes bugs and security vulnerabilities: Cross-origin theft of images with ImageBitmapRenderingContext. (CVE-2018-18511) Out-of-bounds read in Skia. (CVE-2019-5798) Use-after-free in png_image_free of libpng library. (CVE-2019-7317) Cross-origin theft of images with createImageBitmap. (CVE-2019-9797) Memory safety bugs fixed in Thunderbird 60.7. (CVE-2019-9800) Type confusion with object groups and UnboxedObjects. (CVE-2019-9816) Stealing of cross-domain images using canvas. (CVE-2019-9817) Use-after-free in crash generation server. (CVE-2019-9818) Compartment mismatch with fetch API. (CVE-2019-9819) Use-after-free of ChromeEventHandler by DocShell. (CVE-2019-9820) Use-after-free in XMLHttpRequest. (CVE-2019-11691) Use-after-free removing listeners in the event listener manager. (CVE-2019-11692) Buffer overflow in WebGL bufferdata on Linux. (CVE-2019-11693) Theft of user history data through drag and drop of hyperlinks to and from bookmarks. (CVE-2019-11698) Inline-PGP messages that allows an attacker to have Enigmail display a correctly signed or encrypted message info, but display a different unauthenticated text. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-10T22:17:03", "type": "mageia", "title": "Updated thunderbird packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2019-06-10T22:17:03", "id": "MGASA-2019-0190", "href": "https://advisories.mageia.org/MGASA-2019-0190.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-03-05T17:32:40", "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-05-24T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Security Updates( mfsa_2019-13_2019-15 )-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11692", "CVE-2019-9797", "CVE-2019-11694", "CVE-2019-7317", "CVE-2019-9817", "CVE-2018-18511", "CVE-2019-11698", "CVE-2019-9819", "CVE-2019-5798", "CVE-2019-9800", "CVE-2019-9820", "CVE-2019-9816", "CVE-2019-11691", "CVE-2019-9815", "CVE-2019-9818"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310815082", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815082", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815082\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2019-9815\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9818\",\n \"CVE-2019-9819\", \"CVE-2019-9820\", \"CVE-2019-7317\", \"CVE-2019-11691\",\n \"CVE-2019-11692\", \"CVE-2019-9797\", \"CVE-2018-18511\", \"CVE-2019-11694\",\n \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-9800\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-24 12:21:27 +0530 (Fri, 24 May 2019)\");\n script_name(\"Mozilla Thunderbird Security Updates( mfsa_2019-13_2019-15 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An out-of-bounds read error in Skia.\n\n - Theft of user history data through drag and drop of hyperlinks to and from bookmarks.\n\n - An uninitialized memory memory leakage in Windows.\n\n - Cross-origin theft of images with ImageBitmapRenderingContext and createImageBitmap.\n\n - Multiple use-after-free errors in png_image_free of libpng library,\n event listener manager, XMLHttpRequest, chrome event handler and crash generation server.\n\n - Compartment mismatch with fetch API.\n\n - Stealing of cross-domain images using canvas.\n\n - Type confusion with object groups and UnboxedObjects.\n\n - A timing attack vulnerability related to not disabling hyperthreading.\n\n - Memory safety bugs\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows attackers to\n conduct timing attack, security bypass, execute arbitrary code denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before\n 60.7 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 60.7\n Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/\");\n script_xref(name:\"URL\", value:\"https://www.thunderbird.net\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) ) exit( 0 );\ntbVer = infos['version'];\ntbPath = infos['location'];\n\nif(version_is_less(version:tbVer, test_version:\"60.7\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"60.7\", install_path:tbPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-01T13:50:36", "description": "This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-05-22T00:00:00", "type": "openvas", "title": "Mozilla Firefox ESR Security Updates (mfsa_2019-09_2019-14)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11692", "CVE-2019-9797", "CVE-2019-11694", "CVE-2019-7317", "CVE-2019-9817", "CVE-2019-11693", "CVE-2018-18511", "CVE-2019-11698", "CVE-2019-9819", "CVE-2019-5798", "CVE-2019-9800", "CVE-2019-9820", "CVE-2019-9816", "CVE-2019-11691", "CVE-2019-9815", "CVE-2019-9818"], "modified": "2019-08-01T00:00:00", "id": "OPENVAS:1361412562310814898", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814898", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814898\");\n script_version(\"2019-08-01T07:22:04+0000\");\n script_cve_id(\"CVE-2019-9815\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9818\",\n \"CVE-2019-9819\", \"CVE-2019-9820\", \"CVE-2019-11691\", \"CVE-2019-11692\",\n \"CVE-2019-7317\", \"CVE-2019-11693\", \"CVE-2018-18511\", \"CVE-2019-9797\",\n \"CVE-2019-11694\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-9800\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-08-01 07:22:04 +0000 (Thu, 01 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-22 12:31:12 +0530 (Wed, 22 May 2019)\");\n script_name(\"Mozilla Firefox ESR Security Updates (mfsa_2019-09_2019-14)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A type confusion error with object groups and UnboxedObjects.\n\n - A cross-domain theft of images using canvas.\n\n - Multiple use-after-free errors in crash generation server, ChromeEventHandler,\n XMLHttpRequest, libpng library.\n\n - A buffer overflow error in WebGL bufferdata.\n\n - Cross-origin theft of images with createImageBitmap, ImageBitmapRenderingContext.\n\n - An out-of-bounds read error in Skia.\n\n - Memory Safety bugs.\n\n - JavaScript compartment mismatch with fetch API.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to bypass security restrictions, read sensitive data\n and browser history, crash the application and execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before 60.7 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 60.7\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE) ) exit( 0 );\nffVer = infos['version'];\nffPath = infos['location'];\n\nif(version_is_less(version:ffVer, test_version:\"60.7\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"60.7\", install_path:ffPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:47:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-11T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2019:1534-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11692", "CVE-2019-9797", "CVE-2019-11694", "CVE-2019-7317", "CVE-2019-9817", "CVE-2019-11693", "CVE-2018-18511", "CVE-2019-11698", "CVE-2019-9819", "CVE-2019-5798", "CVE-2019-9800", "CVE-2019-9820", "CVE-2019-9821", "CVE-2019-9816", "CVE-2019-11691", "CVE-2019-9815", "CVE-2019-9818"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852552", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852552", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852552\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11694\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9815\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9818\", \"CVE-2019-9819\", \"CVE-2019-9820\", \"CVE-2019-9821\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-11 02:01:35 +0000 (Tue, 11 Jun 2019)\");\n script_name(\"openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2019:1534-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.3|openSUSELeap15\\.0)\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1534-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox'\n package(s) announced via the openSUSE-SU-2019:1534-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for MozillaFirefox fixes the following issues:\n\n MozillaFirefox was updated to 60.7.0esr (boo#1135824 MFSA 2019-14):\n\n * CVE-2018-18511: Cross-origin theft of images with\n ImageBitmapRenderingContext\n\n * CVE-2019-11691: Use-after-free in XMLHttpRequest\n\n * CVE-2019-11692: Use-after-free removing listeners in the event listener\n manager\n\n * CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n\n * CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in\n Windows sandbox\n\n * CVE-2019-11698: Theft of user history data through drag and drop of\n hyperlinks to and from bookmarks\n\n * CVE-2019-5798: Out-of-bounds read in Skia\n\n * CVE-2019-7317: Use-after-free in png_image_free of libpng library\n\n * CVE-2019-9797: Cross-origin theft of images with createImageBitmap\n\n * CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR\n 60.7\n\n * CVE-2019-9815: Disable hyperthreading on content JavaScript threads on\n macOS\n\n * CVE-2019-9816: Type confusion with object groups and UnboxedObjects\n\n * CVE-2019-9817: Stealing of cross-domain images using canvas\n\n * CVE-2019-9818: (Windows only) Use-after-free in crash generation server\n\n * CVE-2019-9819: Compartment mismatch with fetch API\n\n * CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n\n * CVE-2019-9821: Use-after-free in AssertWorkerThread\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1534=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1534=1\");\n\n script_tag(name:\"affected\", value:\"'MozillaFirefox' package(s) on openSUSE Leap 42.3, openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~60.7.0~145.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~60.7.0~145.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~60.7.0~145.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~60.7.0~145.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~60.7.0~145.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~60.7.0~145.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~60.7.0~145.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~60.7.0~145.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~60.7.0~lp150.3.54.5\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~60.7.0~lp150.3.54.5\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~60.7.0~lp150.3.54.5\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~60.7.0~lp150.3.54.5\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~60.7.0~lp150.3.54.5\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~60.7.0~lp150.3.54.5\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~60.7.0~lp150.3.54.5\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~60.7.0~lp150.3.54.5\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-01T13:50:30", "description": "This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-05-22T00:00:00", "type": "openvas", "title": "Mozilla Firefox ESR Security Updates (mfsa_2019-09_2019-14)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11692", "CVE-2019-9797", "CVE-2019-11694", "CVE-2019-7317", "CVE-2019-9817", "CVE-2019-11693", "CVE-2018-18511", "CVE-2019-11698", "CVE-2019-9819", "CVE-2019-5798", "CVE-2019-9800", "CVE-2019-9820", "CVE-2019-9816", "CVE-2019-11691", "CVE-2019-9815", "CVE-2019-9818"], "modified": "2019-08-01T00:00:00", "id": "OPENVAS:1361412562310814897", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814897", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814897\");\n script_version(\"2019-08-01T07:22:04+0000\");\n script_cve_id(\"CVE-2019-9815\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9818\",\n \"CVE-2019-9819\", \"CVE-2019-9820\", \"CVE-2019-11691\", \"CVE-2019-11692\",\n \"CVE-2019-7317\", \"CVE-2019-11693\", \"CVE-2018-18511\", \"CVE-2019-9797\",\n \"CVE-2019-11694\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-9800\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-08-01 07:22:04 +0000 (Thu, 01 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-22 12:29:43 +0530 (Wed, 22 May 2019)\");\n script_name(\"Mozilla Firefox ESR Security Updates (mfsa_2019-09_2019-14)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A type confusion error with object groups and UnboxedObjects.\n\n - A cross-domain theft of images using canvas.\n\n - Multiple use-after-free errors in crash generation server, ChromeEventHandler,\n XMLHttpRequest, libpng library.\n\n - A buffer overflow error in WebGL bufferdata.\n\n - Cross-origin theft of images with createImageBitmap, ImageBitmapRenderingContext.\n\n - An out-of-bounds read error in Skia.\n\n - Memory Safety bugs.\n\n - JavaScript compartment mismatch with fetch API.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to bypass security restrictions, read sensitive data\n and browser history, crash the application and execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before 60.7 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 60.7\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE) ) exit( 0 );\nffVer = infos['version'];\nffPath = infos['location'];\n\nif(version_is_less(version:ffVer, test_version:\"60.7\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"60.7\", install_path:ffPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:52:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-03T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2019:1484-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11692", "CVE-2019-9797", "CVE-2019-11694", "CVE-2019-7317", "CVE-2019-9817", "CVE-2019-11693", "CVE-2018-18511", "CVE-2019-11698", "CVE-2019-9819", "CVE-2019-5798", "CVE-2019-9800", "CVE-2019-9820", "CVE-2019-9816", "CVE-2019-11691", "CVE-2019-9815", "CVE-2019-9818"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852528", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852528", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852528\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11694\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9815\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9818\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-03 02:00:28 +0000 (Mon, 03 Jun 2019)\");\n script_name(\"openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2019:1484-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1484-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaThunderbird'\n package(s) announced via the openSUSE-SU-2019:1484-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for MozillaThunderbird fixes the following issues:\n\n Mozilla Thunderbird was updated to 60.7.0\n\n * Attachment pane of Write window no longer focused when attaching files\n using a keyboard shortcut\n\n Security issues fixed (MFSA 2019-15 boo#1135824):\n\n * CVE-2018-18511: Cross-origin theft of images with\n ImageBitmapRenderingContext\n\n * CVE-2019-11691: Use-after-free in XMLHttpRequest\n\n * CVE-2019-11692: Use-after-free removing listeners in the event listener\n manager\n\n * CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n\n * CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in\n Windows sandbox\n\n * CVE-2019-11698: Theft of user history data through drag and drop of\n hyperlinks to and from bookmarks\n\n * CVE-2019-5798: Out-of-bounds read in Skia\n\n * CVE-2019-7317: Use-after-free in png_image_free of libpng library\n\n * CVE-2019-9797: Cross-origin theft of images with createImageBitmap\n\n * CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR\n 60.7\n\n * CVE-2019-9815: Disable hyperthreading on content JavaScript threads on\n macOS\n\n * CVE-2019-9816: Type confusion with object groups and UnboxedObjects\n\n * CVE-2019-9817: Stealing of cross-domain images using canvas\n\n * CVE-2019-9818: Use-after-free in crash generation server\n\n * CVE-2019-9819: Compartment mismatch with fetch API\n\n * CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n\n - Disable LTO (boo#1133267).\n\n - Add patch to fix build using rust-1.33: (boo#1130694)\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1484=1\");\n\n script_tag(name:\"affected\", value:\"'MozillaThunderbird' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~60.7.0~92.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~60.7.0~92.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~60.7.0~92.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~60.7.0~92.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~60.7.0~92.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~60.7.0~92.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-01T13:50:30", "description": "This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-05-22T00:00:00", "type": "openvas", "title": "Mozilla Firefox Security Updates (mfsa_2019-12_2019-14)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11692", "CVE-2019-11694", "CVE-2019-11696", "CVE-2019-7317", "CVE-2019-11700", "CVE-2019-9817", "CVE-2019-11699", "CVE-2019-11693", "CVE-2019-9814", "CVE-2019-11697", "CVE-2019-11698", "CVE-2019-9819", "CVE-2019-9800", "CVE-2019-9820", "CVE-2019-9821", "CVE-2019-11701", "CVE-2019-9816", "CVE-2019-11691", "CVE-2019-9815", "CVE-2019-9818", "CVE-2019-11695"], "modified": "2019-08-01T00:00:00", "id": "OPENVAS:1361412562310814896", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814896", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814896\");\n script_version(\"2019-08-01T07:22:04+0000\");\n script_cve_id(\"CVE-2019-9815\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9818\",\n \"CVE-2019-9819\", \"CVE-2019-9820\", \"CVE-2019-9821\", \"CVE-2019-11691\",\n \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11694\", \"CVE-2019-11695\",\n \"CVE-2019-11696\", \"CVE-2019-11697\", \"CVE-2019-11698\", \"CVE-2019-11700\",\n \"CVE-2019-11699\", \"CVE-2019-11701\", \"CVE-2019-7317\", \"CVE-2019-9814\",\n \"CVE-2019-9800\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-08-01 07:22:04 +0000 (Thu, 01 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-22 12:28:26 +0530 (Wed, 22 May 2019)\");\n script_name(\"Mozilla Firefox Security Updates (mfsa_2019-12_2019-14)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A type confusion error with object groups and UnboxedObjects.\n\n - A buffer overflow error in WebGL bufferdata on Linux.\n\n - A compartment mismatch vulnerability with fetch API.\n\n - Uninitialized memory leakage vulnerability in Windows sandbox.\n\n - Incorrect domain name highlighting during page navigation.\n\n - Memory safety bugs.\n\n - Multiple use-after-free errors in crash generation server, ChromeEventHandler,\n AssertWorkerThread, XMLHttpRequest and libpng library.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to bypass security restrictions, conduct spoofing\n attacks, read sensitive data and browser history, crash the application and\n execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 67 on Mac OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 67\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE) ) exit( 0 );\nffVer = infos['version'];\nffPath = infos['location'];\n\nif(version_is_less(version:ffVer, test_version:\"67\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"67\", install_path:ffPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-01T13:50:26", "description": "This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-05-22T00:00:00", "type": "openvas", "title": "Mozilla Firefox Security Updates (mfsa_2019-12_2019-13)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11692", "CVE-2019-11694", "CVE-2019-11696", "CVE-2019-7317", "CVE-2019-11700", "CVE-2019-9817", "CVE-2019-11699", "CVE-2019-11693", "CVE-2019-9814", "CVE-2019-11697", "CVE-2019-11698", "CVE-2019-9819", "CVE-2019-9800", "CVE-2019-9820", "CVE-2019-9821", "CVE-2019-11701", "CVE-2019-9816", "CVE-2019-11691", "CVE-2019-9815", "CVE-2019-9818", "CVE-2019-11695"], "modified": "2019-08-01T00:00:00", "id": "OPENVAS:1361412562310814895", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814895", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814895\");\n script_version(\"2019-08-01T07:22:04+0000\");\n script_cve_id(\"CVE-2019-9815\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9818\",\n \"CVE-2019-9819\", \"CVE-2019-9820\", \"CVE-2019-9821\", \"CVE-2019-11691\",\n \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11694\", \"CVE-2019-11695\",\n \"CVE-2019-11696\", \"CVE-2019-11697\", \"CVE-2019-11698\", \"CVE-2019-11700\",\n \"CVE-2019-11699\", \"CVE-2019-11701\", \"CVE-2019-7317\", \"CVE-2019-9814\",\n \"CVE-2019-9800\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-08-01 07:22:04 +0000 (Thu, 01 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-22 12:28:11 +0530 (Wed, 22 May 2019)\");\n script_name(\"Mozilla Firefox Security Updates (mfsa_2019-12_2019-13)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - A type confusion error with object groups and UnboxedObjects.\n\n - A buffer overflow error in WebGL bufferdata on Linux.\n\n - A compartment mismatch vulnerability with fetch API.\n\n - Uninitialized memory leakage vulnerability in Windows sandbox.\n\n - Incorrect domain name highlighting during page navigation.\n\n - Memory safety bugs.\n\n - Multiple use-after-free errors in crash generation server, ChromeEventHandler,\n AssertWorkerThread, XMLHttpRequest and libpng library.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to bypass security restrictions, conduct spoofing\n attacks, read sensitive data and browser history, crash the application and\n execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 67 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 67\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE) ) exit( 0 );\nffVer = infos['version'];\nffPath = infos['location'];\n\nif(version_is_less(version:ffVer, test_version:\"67\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"67\", install_path:ffPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-08T06:11:45", "description": "An update that fixes 16 vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaThunderbird fixes the following issues:\n\n Mozilla Thunderbird was updated to 60.7.0\n\n * Attachment pane of Write window no longer focussed when attaching files\n using a keyboard shortcut\n\n Security issues fixed (MFSA 2019-15 boo#1135824):\n\n * CVE-2018-18511: Cross-origin theft of images with\n ImageBitmapRenderingContext\n * CVE-2019-11691: Use-after-free in XMLHttpRequest\n * CVE-2019-11692: Use-after-free removing listeners in the event listener\n manager\n * CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n * CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in\n Windows sandbox\n * CVE-2019-11698: Theft of user history data through drag and drop of\n hyperlinks to and from bookmarks\n * CVE-2019-5798: Out-of-bounds read in Skia\n * CVE-2019-7317: Use-after-free in png_image_free of libpng library\n * CVE-2019-9797: Cross-origin theft of images with createImageBitmap\n * CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR\n 60.7\n * CVE-2019-9815: Disable hyperthreading on content JavaScript threads on\n macOS\n * CVE-2019-9816: Type confusion with object groups and UnboxedObjects\n * CVE-2019-9817: Stealing of cross-domain images using canvas\n * CVE-2019-9818: Use-after-free in crash generation server\n * CVE-2019-9819: Compartment mismatch with fetch API\n * CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n\n - Disable LTO (boo#1133267).\n\n - Add patch to fix build using rust-1.33: (boo#1130694)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1484=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-02T00:00:00", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2019-06-02T00:00:00", "id": "OPENSUSE-SU-2019:1484-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CTZNURZG4U3I3C6SR6N64PNF5AQ2VWNR/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:41:57", "description": "An update that fixes 17 vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaFirefox fixes the following issues:\n\n MozillaFirefox was updated to 60.7.0esr (boo#1135824 MFSA 2019-14):\n\n * CVE-2018-18511: Cross-origin theft of images with\n ImageBitmapRenderingContext\n * CVE-2019-11691: Use-after-free in XMLHttpRequest\n * CVE-2019-11692: Use-after-free removing listeners in the event listener\n manager\n * CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n * CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in\n Windows sandbox\n * CVE-2019-11698: Theft of user history data through drag and drop of\n hyperlinks to and from bookmarks\n * CVE-2019-5798: Out-of-bounds read in Skia\n * CVE-2019-7317: Use-after-free in png_image_free of libpng library\n * CVE-2019-9797: Cross-origin theft of images with createImageBitmap\n * CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR\n 60.7\n * CVE-2019-9815: Disable hyperthreading on content JavaScript threads on\n macOS\n * CVE-2019-9816: Type confusion with object groups and UnboxedObjects\n * CVE-2019-9817: Stealing of cross-domain images using canvas\n * CVE-2019-9818: (Windows only) Use-after-free in crash generation server\n * CVE-2019-9819: Compartment mismatch with fetch API\n * CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n * CVE-2019-9821: Use-after-free in AssertWorkerThread\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1534=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1534=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-10T00:00:00", "type": "suse", "title": "Security update for MozillaFirefox (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-9821"], "modified": "2019-06-10T00:00:00", "id": "OPENSUSE-SU-2019:1534-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YRJRSOQJ2HUXLMXMB5IAGC7CGYVG6MJ7/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:41:57", "description": "An update that fixes 22 vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaThunderbird fixes the following issues:\n\n Mozilla Thunderbird was updated to 60.7.2 / MFSA 2019-20 (boo#1138872):\n * CVE-2019-11707: Type confusion in Array.pop\n * CVE-2019-11708: sandbox escape using Prompt:Open\n\n Mozilla Thunderbird was updated to 60.7.1 / MFSA 2019-17 (boo#1137595):\n * CVE-2019-11703: Heap buffer overflow in icalparser.c\n * CVE-2019-11704: Heap buffer overflow in icalvalue.c\n * CVE-2019-11705: Stack buffer overflow in icalrecur.c\n * CVE-2019-11706: Type confusion in icalproperty.c\n\n Also fixed: No prompt for smartcard PIN when S/MIME signing is used\n\n Mozilla Thunderbird was updated to 60.7.0 / MFSA 2019-15 (boo#1135824):\n\n * Attachment pane of Write window no longer focussed when attaching files\n using a keyboard shortcut\n\n * CVE-2019-9815: Disable hyperthreading on content JavaScript threads on\n macOS\n * CVE-2019-9816: Type confusion with object groups and UnboxedObjects\n * CVE-2019-9817: Stealing of cross-domain images using canvas\n * CVE-2019-9818 (Windows only): Use-after-free in crash generation server\n * CVE-2019-9819: Compartment mismatch with fetch API\n * CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n * CVE-2019-11691: Use-after-free in XMLHttpRequest\n * CVE-2019-11692: Use-after-free removing listeners in the event listener\n manager\n * CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n * CVE-2019-7317: Use-after-free in png_image_free of libpng library\n * CVE-2019-9797: Cross-origin theft of images with createImageBitmap\n * CVE-2018-18511: Cross-origin theft of images with\n ImageBitmapRenderingContext\n * CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox\n * CVE-2019-11698: Theft of user history data through drag and drop of\n hyperlinks to and from bookmarks\n * CVE-2019-5798: Out-of-bounds read in Skia\n * CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR\n 60.7\n\n - Disable building with LTO (boo#1133267).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - SUSE Package Hub for SUSE Linux Enterprise 12:\n\n zypper in -t patch openSUSE-2019-1664=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-06-28T00:00:00", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-11703", "CVE-2019-11704", "CVE-2019-11705", "CVE-2019-11706", "CVE-2019-11707", "CVE-2019-11708", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2019-06-28T00:00:00", "id": "OPENSUSE-SU-2019:1664-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZFVBHHF6WMJDJB73NZDWFFGS6D23TB67/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mozilla": [{"lastseen": "2023-12-03T16:49:40", "description": "If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change.\nA possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.\nImages from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy.\nA race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected.\nA vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash.\nA use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. \nA use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. \nA use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.\nThe bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected.\nA use-after-free vulnerability was discovered in the png_image_free function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed.\nCross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element.\nCross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. \nA vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows. Other operating systems are unaffected.\nIf a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. \nAn out-of-bounds read can occur in the Skia library during path transformations. This could result in the exposure of data stored in memory.\nMozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-21T00:00:00", "type": "mozilla", "title": "Security vulnerabilities fixed in Thunderbird 60.7 \u2014 Mozilla", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2019-05-21T00:00:00", "id": "MFSA2019-15", "href": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:49:40", "description": "If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change.\nA possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.\nImages from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy.\nA race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected.\nA vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash.\nA use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. \nA use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. \nA use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.\nThe bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected.\nA use-after-free vulnerability was discovered in the png_image_free function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed.\nCross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element.\nCross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. \nA vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows. Other operating systems are unaffected.\nIf a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. \nAn out-of-bounds read can occur in the Skia library during path transformations. This could result in the exposure of data stored in memory.\nMozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Firefox 66 and Firefox ESR 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-21T00:00:00", "type": "mozilla", "title": "Security vulnerabilities fixed in Firefox ESR 60.7 \u2014 Mozilla", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2019-05-21T00:00:00", "id": "MFSA2019-14", "href": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:49:40", "description": "If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change.\nA possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.\nImages from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy.\nA race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected.\nA vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash.\nA use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. \nA use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash.\nA use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. \nA use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.\nThe bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected.\nA use-after-free vulnerability was discovered in the png_image_free function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed.\nA vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows. Other operating systems are unaffected.\nA custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface.\nFiles with the .JNLP extension used for \"Java web start\" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally.\nIf the ALT and \"a\" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension.\nIf a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. \nA hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. Note: this issue only occurs on Windows. Other operating systems are unaffected.\nA malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks.\nThe default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.\nMozilla developers and community members Christian Holler, Andrei Ciure, Julien Cristau, Jan de Mooij, Jan Varga, Marcia Knous, Andr\u00e9 Bargull, and Philipp reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\nMozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Firefox 66 and Firefox ESR 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-21T00:00:00", "type": "mozilla", "title": "Security vulnerabilities fixed in Firefox 67 \u2014 Mozilla", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11695", "CVE-2019-11696", "CVE-2019-11697", "CVE-2019-11698", "CVE-2019-11699", "CVE-2019-11700", "CVE-2019-11701", "CVE-2019-7317", "CVE-2019-9800", "CVE-2019-9814", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-9821"], "modified": "2019-05-21T00:00:00", "id": "MFSA2019-13", "href": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2023-12-03T19:30:16", "description": "### *Detect date*:\n05/21/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, cause denial of service, execute arbitrary code.\n\n### *Affected products*:\nMozilla Thunderbird earlier than 60.7\n\n### *Solution*:\nUpdate to the latest version\n\n### *Original advisories*:\n[mfsa2019-15](<https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2018-18511](<https://vulners.com/cve/CVE-2018-18511>)4.3Warning \n[CVE-2019-5798](<https://vulners.com/cve/CVE-2019-5798>)4.3Warning \n[CVE-2019-9797](<https://vulners.com/cve/CVE-2019-9797>)5.0Critical \n[CVE-2019-9816](<https://vulners.com/cve/CVE-2019-9816>)4.3Warning \n[CVE-2019-9817](<https://vulners.com/cve/CVE-2019-9817>)5.0Critical \n[CVE-2019-9818](<https://vulners.com/cve/CVE-2019-9818>)5.1High \n[CVE-2019-9819](<https://vulners.com/cve/CVE-2019-9819>)7.5Critical \n[CVE-2019-9820](<https://vulners.com/cve/CVE-2019-9820>)7.5Critical \n[CVE-2019-11691](<https://vulners.com/cve/CVE-2019-11691>)7.5Critical \n[CVE-2019-11692](<https://vulners.com/cve/CVE-2019-11692>)7.5Critical \n[CVE-2019-7317](<https://vulners.com/cve/CVE-2019-7317>)2.6Warning \n[CVE-2019-11694](<https://vulners.com/cve/CVE-2019-11694>)5.0Critical \n[CVE-2019-11698](<https://vulners.com/cve/CVE-2019-11698>)5.0Critical \n[CVE-2019-9800](<https://vulners.com/cve/CVE-2019-9800>)7.5Critical \n[CVE-2019-9815](<https://vulners.com/cve/CVE-2019-9815>)6.8High \n[CVE-2019-11693](<https://vulners.com/cve/CVE-2019-11693>)7.5Critical", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-21T00:00:00", "type": "kaspersky", "title": "KLA11488 Multiple vulnerabilities in Mozilla Thunderbird", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2020-06-03T00:00:00", "id": "KLA11488", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11488/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T19:30:18", "description": "### *Detect date*:\n05/21/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, cause denial of service, execute arbitrary code.\n\n### *Affected products*:\nMozilla Firefox ESR earlier than 60.7\n\n### *Solution*:\nUpdate to the latest version\n\n### *Original advisories*:\n[mfsa2019-14](<https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox ESR](<https://threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/>)\n\n### *CVE-IDS*:\n[CVE-2018-18511](<https://vulners.com/cve/CVE-2018-18511>)4.3Warning \n[CVE-2019-5798](<https://vulners.com/cve/CVE-2019-5798>)4.3Warning \n[CVE-2019-9797](<https://vulners.com/cve/CVE-2019-9797>)5.0Critical \n[CVE-2019-9816](<https://vulners.com/cve/CVE-2019-9816>)4.3Warning \n[CVE-2019-9817](<https://vulners.com/cve/CVE-2019-9817>)5.0Critical \n[CVE-2019-9818](<https://vulners.com/cve/CVE-2019-9818>)5.1High \n[CVE-2019-9819](<https://vulners.com/cve/CVE-2019-9819>)7.5Critical \n[CVE-2019-9820](<https://vulners.com/cve/CVE-2019-9820>)7.5Critical \n[CVE-2019-11691](<https://vulners.com/cve/CVE-2019-11691>)7.5Critical \n[CVE-2019-11692](<https://vulners.com/cve/CVE-2019-11692>)7.5Critical \n[CVE-2019-7317](<https://vulners.com/cve/CVE-2019-7317>)2.6Warning \n[CVE-2019-11694](<https://vulners.com/cve/CVE-2019-11694>)5.0Critical \n[CVE-2019-11698](<https://vulners.com/cve/CVE-2019-11698>)5.0Critical \n[CVE-2019-9800](<https://vulners.com/cve/CVE-2019-9800>)7.5Critical \n[CVE-2019-9815](<https://vulners.com/cve/CVE-2019-9815>)6.8High \n[CVE-2019-11693](<https://vulners.com/cve/CVE-2019-11693>)7.5Critical", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-21T00:00:00", "type": "kaspersky", "title": "KLA11487 Multiple vulnerabilities in Mozilla Firefox ESR", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2020-06-03T00:00:00", "id": "KLA11487", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11487/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T19:30:21", "description": "### *Detect date*:\n05/21/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, cause denial of service, spoof user interface, perform cross-site scripting attack, execute arbitrary code.\n\n### *Affected products*:\nMozilla Firefox earlier than 67\n\n### *Solution*:\nUpdate to the latest version\n\n### *Original advisories*:\n[mfsa2019-13](<https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2019-9816](<https://vulners.com/cve/CVE-2019-9816>)4.3Warning \n[CVE-2019-9817](<https://vulners.com/cve/CVE-2019-9817>)5.0Critical \n[CVE-2019-9818](<https://vulners.com/cve/CVE-2019-9818>)5.1High \n[CVE-2019-9819](<https://vulners.com/cve/CVE-2019-9819>)7.5Critical \n[CVE-2019-9820](<https://vulners.com/cve/CVE-2019-9820>)7.5Critical \n[CVE-2019-9821](<https://vulners.com/cve/CVE-2019-9821>)6.8High \n[CVE-2019-11691](<https://vulners.com/cve/CVE-2019-11691>)7.5Critical \n[CVE-2019-11692](<https://vulners.com/cve/CVE-2019-11692>)7.5Critical \n[CVE-2019-7317](<https://vulners.com/cve/CVE-2019-7317>)2.6Warning \n[CVE-2019-11694](<https://vulners.com/cve/CVE-2019-11694>)5.0Critical \n[CVE-2019-11695](<https://vulners.com/cve/CVE-2019-11695>)4.3Warning \n[CVE-2019-11696](<https://vulners.com/cve/CVE-2019-11696>)6.8High \n[CVE-2019-11697](<https://vulners.com/cve/CVE-2019-11697>)4.3Warning \n[CVE-2019-11698](<https://vulners.com/cve/CVE-2019-11698>)5.0Critical \n[CVE-2019-11700](<https://vulners.com/cve/CVE-2019-11700>)4.3Warning \n[CVE-2019-11699](<https://vulners.com/cve/CVE-2019-11699>)4.3Warning \n[CVE-2019-11701](<https://vulners.com/cve/CVE-2019-11701>)4.3Warning \n[CVE-2019-9814](<https://vulners.com/cve/CVE-2019-9814>)7.5Critical \n[CVE-2019-9800](<https://vulners.com/cve/CVE-2019-9800>)7.5Critical \n[CVE-2019-9815](<https://vulners.com/cve/CVE-2019-9815>)6.8High \n[CVE-2019-11693](<https://vulners.com/cve/CVE-2019-11693>)7.5Critical", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-21T00:00:00", "type": "kaspersky", "title": "KLA11486 Multiple vulnerabilities in Mozilla Firefox", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11695", "CVE-2019-11696", "CVE-2019-11697", "CVE-2019-11698", "CVE-2019-11699", "CVE-2019-11700", "CVE-2019-11701", "CVE-2019-7317", "CVE-2019-9800", "CVE-2019-9814", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-9821"], "modified": "2020-06-03T00:00:00", "id": "KLA11486", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11486/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2023-12-03T16:44:37", "description": "New mozilla-firefox packages are available for Slackware 14.2 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/mozilla-firefox-60.7.0esr-i686-1_slack14.2.txz: Upgraded.\n This release contains security fixes and improvements. Some of the patched\n flaws are considered critical, and could be used to run attacker code and\n install software, requiring no user interaction beyond normal browsing.\n For more information, see:\n https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9815\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9818\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-7317\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9797\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2018-18511\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11694\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-5798\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9800\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-60.7.0esr-i686-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-60.7.0esr-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-60.7.0esr-i686-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-60.7.0esr-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.2 package:\n9bb86b28639fe241a285ae8868f6fd3c mozilla-firefox-60.7.0esr-i686-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n71cfd983350a89459015e89af1f4cf46 mozilla-firefox-60.7.0esr-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n02f5b3d10ba9ef7a094f862b1a9b4120 xap/mozilla-firefox-60.7.0esr-i686-1.txz\n\nSlackware x86_64 -current package:\nb4ccd8857ce8355105c0595cf2d84154 xap/mozilla-firefox-60.7.0esr-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mozilla-firefox-60.7.0esr-i686-1_slack14.2.txz", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-21T23:35:28", "type": "slackware", "title": "[slackware-security] mozilla-firefox", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2019-05-21T23:35:28", "id": "SSA-2019-141-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.480262", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "altlinux": [{"lastseen": "2023-05-07T11:42:37", "description": "May 21, 2019 Andrey Cherepanov 60.7.0-alt1\n \n \n - New ESR version (60.7.0).\n - Fixed:\n + CVE-2019-9815 Disable hyperthreading on content JavaScript threads on macOS\n + CVE-2019-9816 Type confusion with object groups and UnboxedObjects\n + CVE-2019-9817 Stealing of cross-domain images using canvas\n + CVE-2019-9818 Use-after-free in crash generation server\n + CVE-2019-9819 Compartment mismatch with fetch API\n + CVE-2019-9820 Use-after-free of ChromeEventHandler by DocShell\n + CVE-2019-11691 Use-after-free in XMLHttpRequest\n + CVE-2019-11692 Use-after-free removing listeners in the event listener manager\n + CVE-2019-11693 Buffer overflow in WebGL bufferdata on Linux\n + CVE-2019-7317 Use-after-free in png_image_free of libpng library\n + CVE-2019-9797 Cross-origin theft of images with createImageBitmap\n + CVE-2018-18511 Cross-origin theft of images with ImageBitmapRenderingContext\n + CVE-2019-11694 Uninitialized memory memory leakage in Windows sandbox\n + CVE-2019-11698 Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n + CVE-2019-5798 Out-of-bounds read in Skia\n + CVE-2019-9800 Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-21T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package firefox-esr version 60.7.0-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2019-05-21T00:00:00", "id": "7D0EAD47B6BEBFF0E2D06F9E2B17C8F8", "href": "https://packages.altlinux.org/en/p10/srpms/firefox-esr/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-07T11:39:23", "description": "May 20, 2019 Andrey Cherepanov 60.7.0-alt1\n \n \n - New version (60.7.0).\n - Fixed:\n + CVE-2019-9815 Disable hyperthreading on content JavaScript threads on macOS\n + CVE-2019-9816 Type confusion with object groups and UnboxedObjects\n + CVE-2019-9817 Stealing of cross-domain images using canvas\n + CVE-2019-9818 Use-after-free in crash generation server\n + CVE-2019-9819 Compartment mismatch with fetch API\n + CVE-2019-9820 Use-after-free of ChromeEventHandler by DocShell\n + CVE-2019-11691 Use-after-free in XMLHttpRequest\n + CVE-2019-11692 Use-after-free removing listeners in the event listener manager\n + CVE-2019-11693 Buffer overflow in WebGL bufferdata on Linux\n + CVE-2019-7317 Use-after-free in png_image_free of libpng library\n + CVE-2019-9797 Cross-origin theft of images with createImageBitmap\n + CVE-2018-18511 Cross-origin theft of images with ImageBitmapRenderingContext\n + CVE-2019-11694 Uninitialized memory memory leakage in Windows sandbox\n + CVE-2019-11698 Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n + CVE-2019-5798 Out-of-bounds read in Skia\n + CVE-2019-9800 Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and Thunderbird 60.7\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-20T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package thunderbird version 60.7.0-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2019-05-20T00:00:00", "id": "FF9405F8F2E42E5DBDA0FF78FB687D36", "href": "https://packages.altlinux.org/en/p10/srpms/thunderbird/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-12-03T16:50:39", "description": "\n\nMozilla Foundation reports:\n\nCVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS\nCVE-2019-9816: Type confusion with object groups and UnboxedObjects\nCVE-2019-9817: Stealing of cross-domain images using canvas\nCVE-2019-9818: Use-after-free in crash generation server\nCVE-2019-9819: Compartment mismatch with fetch API\nCVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\nCVE-2019-9821: Use-after-free in AssertWorkerThread\nCVE-2019-11691: Use-after-free in XMLHttpRequest\nCVE-2019-11692: Use-after-free removing listeners in the event listener manager\nCVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\nCVE-2019-7317: Use-after-free in png_image_free of libpng library\nCVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox\nCVE-2019-11695: Custom cursor can render over user interface outside of web content\nCVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts\nCVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions\nCVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\nCVE-2019-11700: res: protocol can be used to open known local files\nCVE-2019-11699: Incorrect domain name highlighting during page navigation\nCVE-2019-11701: webcal: protocol default handler loads vulnerable web page\nCVE-2019-9814: Memory safety bugs fixed in Firefox 67\nCVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-21T00:00:00", "type": "freebsd", "title": "mozilla -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11695", "CVE-2019-11696", "CVE-2019-11697", "CVE-2019-11698", "CVE-2019-11699", "CVE-2019-11700", "CVE-2019-11701", "CVE-2019-7317", "CVE-2019-9800", "CVE-2019-9814", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-9821"], "modified": "2019-07-23T00:00:00", "id": "44B6DFBF-4EF7-4D52-AD52-2B1B05D81272", "href": "https://vuxml.freebsd.org/freebsd/44b6dfbf-4ef7-4d52-ad52-2b1b05d81272.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}