Executive Summary

Summary
Title Firefox regression
Informations
NameUSN-3991-2First vendor Publication2019-06-06
VendorUbuntuLast vendor Modification2019-06-06
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Cvss Base Score2.6Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04 - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS

Summary:

USN-3991-1 caused a regression in Firefox.

Software Description: - firefox: Mozilla Open Source web browser

Details:

USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

テつ Multiple security issues were discovered in Firefox. If a user were テつ tricked in to opening a specially crafted website, an attacker could テつ potentially exploit these to cause a denial of service, spoof the browser テつ UI, trick the user in to launching local executable binaries, obtain テつ sensitive information, conduct cross-site scripting (XSS) attacks, or テつ execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, テつ CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, テつ CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, テつ CVE-2019-9820, CVE-2019-9821) テつ テつ It was discovered that pressing certain key combinations could bypass テつ addon installation prompt delays. If a user opened a specially crafted テつ website, an attacker could potentially exploit this to trick them in to テつ installing a malicious extension. (CVE-2019-11697) テつ テつ It was discovered that history data could be exposed via drag and drop テつ of hyperlinks to and from bookmarks. If a user were tricked in to dragging テつ a specially crafted hyperlink to the bookmark toolbar or sidebar, and テつ subsequently back in to the web content area, an attacker could テつ potentially exploit this to obtain sensitive information. (CVE-2019-11698) テつ テつ A type confusion bug was discovered with object groups and UnboxedObjects. テつ If a user were tricked in to opening a specially crafted website after テつ enabling the UnboxedObjects feature, an attacker could potentially テつ exploit this to bypass security checks. (CVE-2019-9816)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: テつ firefoxテつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ 67.0.1+build1-0ubuntu0.19.04.1

Ubuntu 18.10: テつ firefoxテつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ 67.0.1+build1-0ubuntu0.18.10.1

Ubuntu 18.04 LTS: テつ firefoxテつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ 67.0.1+build1-0ubuntu0.18.04.1

Ubuntu 16.04 LTS: テつ firefoxテつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ 67.0.1+build1-0ubuntu0.16.04.1

After a standard system update you need to restart Firefox to make all the necessary changes.

References: テつ https://usn.ubuntu.com/3991-2 テつ https://usn.ubuntu.com/3991-1 テつ https://launchpad.net/bugs/1830096

Package Information: テつ https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.19.04.1 テつ https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.18.10.1 テつ https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.18.04.1 テつ https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.16.04.1

Original Source

Url : http://www.ubuntu.com/usn/USN-3991-2

CWE : Common Weakness Enumeration

%idName
100 %CWE-416Use After Free

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Os2
Os1

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2019-06-07 05:18:39
  • First insertion