Executive Summary
Summary | |
---|---|
Title | Firefox regression |
Informations | |||
---|---|---|---|
Name | USN-3991-2 | First vendor Publication | 2019-06-06 |
Vendor | Ubuntu | Last vendor Modification | 2019-06-06 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: USN-3991-1 caused a regression in Firefox. Software Description: - firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory details: テつ Multiple security issues were discovered in Firefox. If a user were テつ tricked in to opening a specially crafted website, an attacker could テつ potentially exploit these to cause a denial of service, spoof the browser テつ UI, trick the user in to launching local executable binaries, obtain テつ sensitive information, conduct cross-site scripting (XSS) attacks, or テつ execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, テつ CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, テつ CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, テつ CVE-2019-9820, CVE-2019-9821) テつ テつ It was discovered that pressing certain key combinations could bypass テつ addon installation prompt delays. If a user opened a specially crafted テつ website, an attacker could potentially exploit this to trick them in to テつ installing a malicious extension. (CVE-2019-11697) テつ テつ It was discovered that history data could be exposed via drag and drop テつ of hyperlinks to and from bookmarks. If a user were tricked in to dragging テつ a specially crafted hyperlink to the bookmark toolbar or sidebar, and テつ subsequently back in to the web content area, an attacker could テつ potentially exploit this to obtain sensitive information. (CVE-2019-11698) テつ テつ A type confusion bug was discovered with object groups and UnboxedObjects. テつ If a user were tricked in to opening a specially crafted website after テつ enabling the UnboxedObjects feature, an attacker could potentially テつ exploit this to bypass security checks. (CVE-2019-9816) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: テつ firefoxテつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ 67.0.1+build1-0ubuntu0.19.04.1 Ubuntu 18.10: テつ firefoxテつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ 67.0.1+build1-0ubuntu0.18.10.1 Ubuntu 18.04 LTS: テつ firefoxテつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ 67.0.1+build1-0ubuntu0.18.04.1 Ubuntu 16.04 LTS: テつ firefoxテつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ 67.0.1+build1-0ubuntu0.16.04.1 After a standard system update you need to restart Firefox to make all the necessary changes. References: テつ https://usn.ubuntu.com/3991-2 テつ https://usn.ubuntu.com/3991-1 テつ https://launchpad.net/bugs/1830096 Package Information: テつ https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.19.04.1 テつ https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.18.10.1 テつ https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.18.04.1 テつ https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.16.04.1 |
Original Source
Url : http://www.ubuntu.com/usn/USN-3991-2 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
36 % | CWE-416 | Use After Free |
21 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
21 % | CWE-20 | Improper Input Validation |
7 % | CWE-362 | Race Condition |
7 % | CWE-346 | Origin Validation Error |
7 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Alert History
Date | Informations |
---|---|
2019-07-26 00:21:57 |
|
2019-07-24 12:08:15 |
|
2019-06-29 12:05:25 |
|
2019-06-07 05:18:39 |
|