USN-3991-2: Firefox regression



Published: 2019-06-07
Risk: High
Patch available: YES
Number of vulnerabilities: 17
CVE-ID: CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821, CVE-2019-11697, CVE-2019-11698, CVE-2019-9816
CWE-ID: CWE-416, CWE-119, CWE-451, CWE-749, CWE-264, CWE-20, CWE-843
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: firefox (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 17 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU18556

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11691

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in XMLHttpRequest (XHR) in an event loop. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU18557

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11692

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when listeners are removed from the event listener manager while still in use. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU18558

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11693

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the bufferdata function in WebGL with specific graphics drivers on Linux. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Spoofing attack

EUVDB-ID: #VU18560

Risk: Medium

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11695

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of custom cursors. A remote attacker can define a custom cursor by scripting on a site that positions itself over the address bar to spoof the actual cursor, when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into inadvertently clicking on permission prompts, doorhanger notifications, or other buttons if the location is spoofed over the user interface.


Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Spoofing attack

EUVDB-ID: #VU18561

Risk: Medium

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11696

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of .JNLP files, which are not recognized as executable files. A remote attacker can trick the victim into downloading and running a malicious Java Web Start file and execute arbitrary Java code on the system.

Successful exploitation of the vulnerability requires that Java is installed on the system.

Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Spoofing attack

EUVDB-ID: #VU18565

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11699

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect highlighting of the domain name in the address bar when navigating through pages. A remote attacker can perform a spoofing attack.

Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Exposed dangerous method or function

EUVDB-ID: #VU18566

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11701

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to the presence of legacy support for the webcal: protocol handler, which allows loading a web site vulnerable to cross-site scripting attacks.


Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU17708

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-7317

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The vulnerability exists due to a use-after-free memory error in the png_image_free function, as defined in the png.c source code file, when it is called under png_safe_execute. A remote attacker can send specially crafted data, trigger a call on png_safe_execute and trigger memory corruption, resulting in a DoS condition.

Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU18568

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9800

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary errors. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU18567

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9814

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary errors. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU18551

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9817

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect access restrictions when reading images from a different domain. A remote attacker can use a canvas object under certain circumstances to violate same-origin policy and read image data from another domain name.

Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU18553

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9819

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a JavaScript compartment mismatch when working with the fetch API. A remote attacker can trick the victim into opening a specially crafted web page and execute arbitrary code on the target system.



Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU18554

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9820

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free in ChromeEventHandler by DocShell. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU18555

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9821

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in AssertWorkerThread due to a race condition with shared workers. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Spoofing attack

EUVDB-ID: #VU18562

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11697

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of key combinations. A remote attacker can trick the victim into pressing the ALT and "a" keys, which delays the extension installation prompt. A remote attacker can spoof the page and trick the victim into installing a malicious extension.

Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Spoofing attack

EUVDB-ID: #VU18563

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11698

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of drag and drop operations. A remote attacker can create a specially crafted hyperlink; if it is dragged and dropped onto the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of the user's browser history can be run and transmitted to the content page via drop event data.

Successful exploitation of the vulnerability may allow an attacker to steal the user's browser history.

Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Type Confusion

EUVDB-ID: #VU18550

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9816

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when manipulating JavaScript objects in object groups via UnboxedObjects. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.04
firefox - 67.0.1+build1-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.1+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.1+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.1+build1-0ubuntu0.16.04.1

Vulnerable software versions

firefox (Ubuntu package): 47.0+build3-0ubuntu0.16.04.1 - 67.0+build2-0ubuntu0.19.04.1

External links

http://usn.ubuntu.com/3991-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


