Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Firefox regression
Informations
NameUSN-3991-2First vendor Publication2019-06-06
VendorUbuntuLast vendor Modification2019-06-06
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04 - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS

Summary:

USN-3991-1 caused a regression in Firefox.

Software Description: - firefox: Mozilla Open Source web browser

Details:

USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

テつ Multiple security issues were discovered in Firefox. If a user were テつ tricked in to opening a specially crafted website, an attacker could テつ potentially exploit these to cause a denial of service, spoof the browser テつ UI, trick the user in to launching local executable binaries, obtain テつ sensitive information, conduct cross-site scripting (XSS) attacks, or テつ execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, テつ CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, テつ CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, テつ CVE-2019-9820, CVE-2019-9821) テつ テつ It was discovered that pressing certain key combinations could bypass テつ addon installation prompt delays. If a user opened a specially crafted テつ website, an attacker could potentially exploit this to trick them in to テつ installing a malicious extension. (CVE-2019-11697) テつ テつ It was discovered that history data could be exposed via drag and drop テつ of hyperlinks to and from bookmarks. If a user were tricked in to dragging テつ a specially crafted hyperlink to the bookmark toolbar or sidebar, and テつ subsequently back in to the web content area, an attacker could テつ potentially exploit this to obtain sensitive information. (CVE-2019-11698) テつ テつ A type confusion bug was discovered with object groups and UnboxedObjects. テつ If a user were tricked in to opening a specially crafted website after テつ enabling the UnboxedObjects feature, an attacker could potentially テつ exploit this to bypass security checks. (CVE-2019-9816)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: テつ firefoxテつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ 67.0.1+build1-0ubuntu0.19.04.1

Ubuntu 18.10: テつ firefoxテつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ 67.0.1+build1-0ubuntu0.18.10.1

Ubuntu 18.04 LTS: テつ firefoxテつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ 67.0.1+build1-0ubuntu0.18.04.1

Ubuntu 16.04 LTS: テつ firefoxテつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ 67.0.1+build1-0ubuntu0.16.04.1

After a standard system update you need to restart Firefox to make all the necessary changes.

References: テつ https://usn.ubuntu.com/3991-2 テつ https://usn.ubuntu.com/3991-1 テつ https://launchpad.net/bugs/1830096

Package Information: テつ https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.19.04.1 テつ https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.18.10.1 テつ https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.18.04.1 テつ https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.16.04.1

Original Source

Url : http://www.ubuntu.com/usn/USN-3991-2

CWE : Common Weakness Enumeration

%idName
35 %CWE-20Improper Input Validation
29 %CWE-416Use After Free
18 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
6 %CWE-704Incorrect Type Conversion or Cast
6 %CWE-346Origin Validation Error
6 %CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application415
Application122
Application350
Application1
Os2
Os1
Os1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2019-07-26 00:21:57
  • Multiple Updates
2019-07-24 12:08:15
  • Multiple Updates
2019-06-29 12:05:25
  • Multiple Updates
2019-06-07 05:18:39
  • First insertion