AVG-1036

Package firefox
Status Fixed
Severity High
Type multiple issues
Affected 68.0.2-1
Fixed 69.0-1
Current 71.0-1 [extra]
Ticket None
Created Wed Sep 4 08:47:34 2019
Issue Severity Remote Type Description
CVE-2019-11752 High Yes Arbitrary code execution
In Firefox before 69.0, it is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a...
CVE-2019-11750 Medium Yes Denial of service
A type confusion vulnerability exists in the SpiderMonkey component of Firefox before 69.0, which results in a non-exploitable crash.
CVE-2019-11749 Medium Yes Information disclosure
A vulnerability exists in the WebRTC component of Firefox before 69.0 where malicious web content can use probing techniques on the getUserMedia API using...
CVE-2019-11748 Medium Yes Access restriction bypass
WebRTC in Firefox before 69.0 will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party...
CVE-2019-11747 Low Yes Access restriction bypass
The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes...
CVE-2019-11746 High Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 69.0 while manipulating video elements if the body is freed while still in use. This results in a...
CVE-2019-11744 High Yes Cross-site scripting
A security issue has been found in Firefox before 69.0. Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without...
CVE-2019-11743 Medium Yes Information disclosure
In Firefox before 69.0, navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the...
CVE-2019-11742 High Yes Same-origin policy bypass
A same-origin policy violation can occur in Firefox before 69.0, allowing the theft of cross-origin images through a combination of SVG filters and a...
CVE-2019-11741 High Yes Cross-site scripting
In Firefox before 69.0, a compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can...
CVE-2019-11740 High Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 69.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-11738 Low Yes Access restriction bypass
In Firefox before 69.0, if a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input,...
CVE-2019-11737 Low Yes Access restriction bypass
In Firefox before 69.0, if a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the...
CVE-2019-11735 High Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 69.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-11734 High Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 69.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-9812 High Yes Sandbox escape
In Firefox before 69.0, given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading...
CVE-2019-5849 Medium Yes Information disclosure
An out-of-bounds read vulnerability exists in the Skia graphics library shipped in Firefox before 69.0, allowing for the possible leaking of data from memory.
Date Advisory Package Description
04 Sep 2019 ASA-201909-2 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/