ArchLinux: 201912-1: firefox: multiple issues

    Date: 05 Dec 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package firefox before version 71.0-1 is vulnerable to multiple issues including arbitrary code execution, denial of service, information disclosure and privilege escalation.
    Arch Linux Security Advisory ASA-201912-1
    =========================================
    
    Severity: Critical
    Date    : 2019-12-03
    CVE-ID  : CVE-2019-11745 CVE-2019-11756 CVE-2019-17005 CVE-2019-17008
              CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012
              CVE-2019-17013 CVE-2019-17014
    Package : firefox
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1071
    
    Summary
    =======
    
    The package firefox before version 71.0-1 is vulnerable to multiple
    issues including arbitrary code execution, denial of service,
    information disclosure and privilege escalation.
    
    Resolution
    ==========
    
    Upgrade to 71.0-1.
    
    # pacman -Syu "firefox>=71.0-1"
    
    The problems have been fixed upstream in version 71.0.
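
A way to confirm the upgrade took effect, as an added example that is not part of the advisory: it classifies `pacman -Q firefox` output against the fixed version 71.0-1. It uses `vercmp` (shipped with pacman) when present and otherwise falls back to GNU `sort -V`, which is an assumption; the function names and the sample host lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `pacman -Q firefox` output against ASA-201912-1.
FIXED="71.0-1"   # first fixed package version, taken from the advisory

# ver_lt A B: exit 0 if A is older than B, 1 if not, 2 if it cannot tell.
ver_lt() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]      # pacman's own comparison
        return
    fi
    # Fallback (assumption): GNU `sort -V`, which does not understand epochs.
    case "$1" in *:*) return 2 ;; esac
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_firefox "<name> <version>": prints VULNERABLE, PATCHED or UNKNOWN.
check_firefox() {
    line=$1
    name=${line%% *}
    ver=${line#* }
    if [ "$name" != "firefox" ] || [ "$ver" = "$line" ]; then
        echo "UNKNOWN"                        # not installed / unexpected output
        return 0
    fi
    rc=0
    ver_lt "$ver" "$FIXED" || rc=$?
    case $rc in
        0) echo "VULNERABLE" ;;
        1) echo "PATCHED" ;;
        *) echo "UNKNOWN" ;;
    esac
}

# Constructed sample inventory: host name, then that host's `pacman -Q firefox`.
while read -r host line; do
    printf '%-6s %s\n' "$host" "$(check_firefox "$line")"
done <<'EOF'
ws01 firefox 70.0.1-1
ws02 firefox 71.0-1
ws03 firefox 9.0-1
ws04
EOF
```

On a live host, pass the real output: `check_firefox "$(pacman -Q firefox 2>/dev/null)"`. The `9.0-1` sample shows why a plain string comparison is not enough.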
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-11745 (arbitrary code execution)
    
    An out-of-bounds write vulnerability has been found in the NSS
    component of Firefox before 71.0. When encrypting with a block cipher,
    if a call to NSC_EncryptUpdate was made with data smaller than the
    block size, a small out-of-bounds write could occur. This could have
    caused heap corruption and a potentially exploitable crash.
    
    - CVE-2019-11756 (denial of service)
    
    A use-after-free vulnerability has been found in Firefox before 71.0
    where improper reference counting of soft token session objects could
    cause a use-after-free and crash (likely limited to a denial of
    service).
    
    - CVE-2019-17005 (arbitrary code execution)
    
    An out-of-bounds write vulnerability has been found in Firefox before
    71.0 where the plain text serializer used a fixed-size array for the
    number of elements it could process; however it was possible to
    overflow the static-sized array leading to memory corruption and a
    potentially exploitable crash.
    
    - CVE-2019-17008 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in Firefox before 71.0.
    When using nested workers, a use-after-free could occur during worker
    destruction. This resulted in a potentially exploitable crash.
    
    - CVE-2019-17009 (privilege escalation)
    
    A privilege escalation vulnerability has been found in Firefox before
    71.0. When running, the updater service wrote status and log files to
    an unrestricted location, potentially allowing an unprivileged process
    to locate and exploit a vulnerability in file handling in the updater
    service.
    
    - CVE-2019-17010 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in Firefox before 71.0.
    Under certain conditions, when checking the Resist Fingerprinting
    preference during device orientation checks, a race condition could
    have caused a use-after-free and a potentially exploitable crash.
    
    - CVE-2019-17011 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in Firefox before 71.0.
    Under certain conditions, when retrieving a document from a DocShell in
    the antitracking code, a race condition could cause a use-after-free
    condition and a potentially exploitable crash.
    
    - CVE-2019-17012 (arbitrary code execution)
    
    Several memory safety bugs have been found in Firefox before 71.0. Some
    of these bugs showed evidence of memory corruption and Mozilla presumes
    that with enough effort some of these could have been exploited to run
    arbitrary code.
    
    - CVE-2019-17013 (arbitrary code execution)
    
    Several memory safety bugs have been found in Firefox before 71.0. Some
    of these bugs showed evidence of memory corruption and Mozilla presumes
    that with enough effort some of these could have been exploited to run
    arbitrary code.
    
    - CVE-2019-17014 (information disclosure)
    
    An information disclosure issue has been found in Firefox before 71.0
    where, if an image had not loaded correctly (such as when it is not
    actually an image), it could be dragged and dropped cross-domain,
    resulting in a cross-origin information leak.
    
    Impact
    ======
    
    A remote attacker can crash Firefox, access sensitive information,
    escalate privileges and execute arbitrary code on the affected host.
    
    References
    ==========
    
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11745
    https://bugzilla.mozilla.org/show_bug.cgi?id=1586176
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756
    https://bugzilla.mozilla.org/show_bug.cgi?id=1508776
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17005
    https://bugzilla.mozilla.org/show_bug.cgi?id=1584170
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17008
    https://bugzilla.mozilla.org/show_bug.cgi?id=1546331
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17009
    https://bugzilla.mozilla.org/show_bug.cgi?id=1510494
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17010
    https://bugzilla.mozilla.org/show_bug.cgi?id=1581084
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17011
    https://bugzilla.mozilla.org/show_bug.cgi?id=1591334
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17012
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1449736%2C1533957%2C1560667%2C1567209%2C1580288%2C1585760%2C1592502
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17013
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1298509%2C1472328%2C1577439%2C1577937%2C1580320%2C1584195%2C1585106%2C1586293%2C1593865%2C1594181
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17014
    https://bugzilla.mozilla.org/show_bug.cgi?id=1322864
    https://security.archlinux.org/CVE-2019-11745
    https://security.archlinux.org/CVE-2019-11756
    https://security.archlinux.org/CVE-2019-17005
    https://security.archlinux.org/CVE-2019-17008
    https://security.archlinux.org/CVE-2019-17009
    https://security.archlinux.org/CVE-2019-17010
    https://security.archlinux.org/CVE-2019-17011
    https://security.archlinux.org/CVE-2019-17012
    https://security.archlinux.org/CVE-2019-17013
    https://security.archlinux.org/CVE-2019-17014
    
    