ArchLinux: 201903-11: firefox: multiple issues

    Date: 22 Mar 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    Arch Linux Security Advisory ASA-201903-11
    ==========================================
    
    Severity: Critical
    Date    : 2019-03-22
    CVE-ID  : CVE-2019-9788 CVE-2019-9789 CVE-2019-9790 CVE-2019-9791
              CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796
              CVE-2019-9797 CVE-2019-9799 CVE-2019-9802 CVE-2019-9803
              CVE-2019-9805 CVE-2019-9806 CVE-2019-9807 CVE-2019-9808
              CVE-2019-9809
    Package : firefox
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-925
    
    Summary
    =======
    
    The package firefox before version 66.0-1 is vulnerable to multiple
    issues including arbitrary code execution, information disclosure,
    same-origin policy bypass, access restriction bypass, content spoofing
    and denial of service.
    
    Resolution
    ==========
    
    Upgrade to 66.0-1.
    
    # pacman -Syu "firefox>=66.0-1"
    
    The problems have been fixed upstream in version 66.0.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-9788 (arbitrary code execution)
    
    Several memory safety bugs have been found in Firefox before 66.0. Some
    of these bugs showed evidence of memory corruption and Mozilla presumes
    that with enough effort some of these could be exploited to run
    arbitrary code.
    
    - CVE-2019-9789 (arbitrary code execution)
    
    Several memory safety bugs have been found in Firefox before 66.0. Some
    of these bugs showed evidence of memory corruption and Mozilla presumes
    that with enough effort some of these could be exploited to run
    arbitrary code.
    
    - CVE-2019-9790 (arbitrary code execution)
    
    A use-after-free vulnerability can occur in Firefox before 66.0 when a
    raw pointer to a DOM element on a page is obtained using JavaScript and
    the element is then removed while still in use. This results in a
    potentially exploitable crash.
    
    - CVE-2019-9791 (arbitrary code execution)
    
    The type inference system in Firefox before 66.0 allows the compilation
    of functions that can cause type confusions between arbitrary objects
    when compiled through the IonMonkey just-in-time (JIT) compiler and
    when the constructor function is entered through on-stack replacement
    (OSR). This allows for possible arbitrary reading and writing of
    objects during an exploitable crash.
    
    - CVE-2019-9792 (arbitrary code execution)
    
    The IonMonkey just-in-time (JIT) compiler in Firefox before 66.0 can
    leak an internal JS_OPTIMIZED_OUT magic value to the running script
    during a bailout. This magic value can then be used by JavaScript to
    achieve memory corruption, which results in a potentially exploitable
    crash.
    
    - CVE-2019-9793 (arbitrary code execution)
    
    A mechanism was discovered in Firefox before 66.0 that removes some
    bounds checking for string, array, or typed array accesses if Spectre
    mitigations have been disabled. This vulnerability could allow an
    attacker to create an arbitrary value in compiled JavaScript, for which
    the range analysis will infer a fully controlled, incorrect range in
    circumstances where users have explicitly disabled Spectre mitigations.
    Note that Spectre mitigations are currently enabled for all users by
    default settings.
    
    - CVE-2019-9795 (arbitrary code execution)
    
    A vulnerability has been found in Firefox before 66.0 where type
    confusion in the IonMonkey just-in-time (JIT) compiler could be used
    by malicious JavaScript to trigger a potentially exploitable crash.
    
    - CVE-2019-9796 (arbitrary code execution)
    
    A use-after-free vulnerability can occur in Firefox before 66.0 when
    the SMIL animation controller incorrectly registers with the refresh
    driver twice when only a single registration is expected. When a
    registration is later freed with the removal of the animation
    controller element, the refresh driver incorrectly leaves a dangling
    pointer to the driver's observer array.
    
    - CVE-2019-9797 (same-origin policy bypass)
    
    Cross-origin images can be read in violation of the same-origin policy,
    in Firefox before 66.0, by exporting an image after using
    createImageBitmap to read the image and then rendering the resulting
    bitmap image within a canvas element.
    
    - CVE-2019-9799 (information disclosure)
    
    Insufficient bounds checking of data during inter-process communication
    in Firefox before 66.0 might allow a compromised content process to be
    able to read memory from the parent process under certain conditions.
    
    - CVE-2019-9802 (information disclosure)
    
    If a Sandbox content process is compromised in Firefox before 66.0, it
    can initiate an FTP download which will then use a child process to
    render the downloaded data. The downloaded data can then be passed to
    the Chrome process with an arbitrary file length supplied by an
    attacker, bypassing sandbox protections and allowing for a potential
    memory read of adjacent data from the privileged Chrome process, which
    may include sensitive data.
    
    - CVE-2019-9803 (access restriction bypass)
    
    The Upgrade-Insecure-Requests (UIR) specification states that if UIR is
    enabled through Content Security Policy (CSP), navigation to a same-
    origin URL must be upgraded to HTTPS. Firefox before 66.0 will
    incorrectly navigate to an HTTP URL rather than perform the security
    upgrade requested by the CSP in some circumstances, allowing for
    potential man-in-the-middle attacks on the linked resources.
    
    - CVE-2019-9805 (information disclosure)
    
    A latent vulnerability exists in the Prio library in Firefox before
    66.0 where data may be read from uninitialized memory for some
    functions, leading to potential memory corruption.
    
    - CVE-2019-9806 (denial of service)
    
    A vulnerability exists in Firefox before 66.0 during authorization
    prompting for an FTP transaction, where successive modal prompts are
    displayed and cannot be immediately dismissed. This allows for a denial
    of service (DOS) attack.
    
    - CVE-2019-9807 (content spoofing)
    
    When arbitrary text is sent over an FTP connection and a page reload is
    initiated in Firefox before 66.0, it is possible to create a modal
    alert message with this text as the content. This could potentially be
    used for social engineering attacks.
    
    - CVE-2019-9808 (content spoofing)
    
    If WebRTC permission is requested from documents with data: or blob:
    URLs in Firefox before 66.0, the permission notifications do not
    properly display the originating domain. The notification states
    "Unknown origin" as the requestee, leading to user confusion about
    which site is asking for this permission.
    
    - CVE-2019-9809 (denial of service)
    
    If the source for resources on a page is through an FTP connection in
    Firefox before 66.0, it is possible to trigger a series of modal alert
    messages for these resources through invalid credentials or locations.
    These messages cannot be immediately dismissed, allowing for a denial
    of service (DOS) attack.
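
The upgrade rule behind CVE-2019-9803 can be written as a small decision function, which makes the expected behaviour easy to compare against what a client actually requests. This is an added example, not Firefox or Arch Linux code; the function names, the host-based same-origin test and the sample URLs are assumptions made for illustration.

```javascript
// Added illustration of the Upgrade-Insecure-Requests (UIR) decision described
// for CVE-2019-9803. Names and sample URLs are constructed, not Firefox code.

// Return true when a Content-Security-Policy header value carries the
// upgrade-insecure-requests directive (directive names are case-insensitive).
function hasUpgradeDirective(cspHeader) {
  return cspHeader
    .split(';')
    .map((d) => d.trim().split(/\s+/)[0].toLowerCase())
    .includes('upgrade-insecure-requests');
}

// Decide which URL a conforming client should fetch.
//   documentUrl  - URL of the page that delivered the policy
//   cspHeader    - that page's Content-Security-Policy value
//   targetUrl    - URL being requested (may be relative to the page)
//   isNavigation - true for link/location navigations, false for subresources
function resolveRequest(documentUrl, cspHeader, targetUrl, isNavigation) {
  const doc = new URL(documentUrl);
  const target = new URL(targetUrl, doc);
  if (target.protocol !== 'http:' || !hasUpgradeDirective(cspHeader)) {
    return target.href; // nothing to upgrade
  }
  // Assumption: "same-origin" is tested on the host, because an http:// target
  // never shares a scheme with an https:// page that asks for the upgrade.
  if (isNavigation && target.hostname !== doc.hostname) {
    return target.href; // cross-origin navigations are left untouched
  }
  target.protocol = 'https:'; // default port 80 becomes default port 443
  return target.href;
}

// Constructed sample: one page policy and four outgoing requests.
const page = 'https://shop.example/cart';
const csp = "default-src 'self'; upgrade-insecure-requests";
const results = {
  sameOriginNav: resolveRequest(page, csp, 'http://shop.example/pay', true),
  crossOriginNav: resolveRequest(page, csp, 'http://other.example/', true),
  subresource: resolveRequest(page, csp, 'http://cdn.example/app.js', false),
  noPolicy: resolveRequest(page, "default-src 'self'", 'http://shop.example/pay', true),
};
console.log(results);
```

The `sameOriginNav` case is the one the advisory describes: a client that still requests the `http://` URL there has not applied the upgrade the policy asked for.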
    
    Impact
    ======
    
    A remote attacker might be able to spoof the origin of a permission
    request, bypass security measures, access sensitive information, crash
    the browser or execute arbitrary code.
    
    References
    ==========
    
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9788
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9789
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1520483%2C1522987%2C1528199%2C1519337%2C1525549%2C1516179%2C1518524%2C1518331%2C1526579%2C1512567%2C1524335%2C1448505%2C1518821
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9790
    https://bugzilla.mozilla.org/show_bug.cgi?id=1525145
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9791
    https://bugzilla.mozilla.org/show_bug.cgi?id=1530958
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9792
    https://bugzilla.mozilla.org/show_bug.cgi?id=1532599
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9793
    https://bugzilla.mozilla.org/show_bug.cgi?id=1528829
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9795
    https://bugzilla.mozilla.org/show_bug.cgi?id=1514682
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9796
    https://bugzilla.mozilla.org/show_bug.cgi?id=1531277
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9797
    https://bugzilla.mozilla.org/show_bug.cgi?id=1528909
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9799
    https://bugzilla.mozilla.org/show_bug.cgi?id=1505678
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9802
    https://bugzilla.mozilla.org/show_bug.cgi?id=1415508
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9803
    https://bugzilla.mozilla.org/show_bug.cgi?id=1515863
    https://bugzilla.mozilla.org/show_bug.cgi?id=1437009
    https://w3c.github.io/webappsec-upgrade-insecure-requests/
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9805
    https://bugzilla.mozilla.org/show_bug.cgi?id=1521360
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9806
    https://bugzilla.mozilla.org/show_bug.cgi?id=1525267
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9807
    https://bugzilla.mozilla.org/show_bug.cgi?id=1362050
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9808
    https://bugzilla.mozilla.org/show_bug.cgi?id=1434634
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9809
    https://bugzilla.mozilla.org/show_bug.cgi?id=1282430
    https://bugzilla.mozilla.org/show_bug.cgi?id=1523249
    https://security.archlinux.org/CVE-2019-9788
    https://security.archlinux.org/CVE-2019-9789
    https://security.archlinux.org/CVE-2019-9790
    https://security.archlinux.org/CVE-2019-9791
    https://security.archlinux.org/CVE-2019-9792
    https://security.archlinux.org/CVE-2019-9793
    https://security.archlinux.org/CVE-2019-9795
    https://security.archlinux.org/CVE-2019-9796
    https://security.archlinux.org/CVE-2019-9797
    https://security.archlinux.org/CVE-2019-9799
    https://security.archlinux.org/CVE-2019-9802
    https://security.archlinux.org/CVE-2019-9803
    https://security.archlinux.org/CVE-2019-9805
    https://security.archlinux.org/CVE-2019-9806
    https://security.archlinux.org/CVE-2019-9807
    https://security.archlinux.org/CVE-2019-9808
    https://security.archlinux.org/CVE-2019-9809
    
    