AVG-1055 log

Package firefox
Status Fixed
Severity Critical
Type multiple issues
Affected 69.0.3-1
Fixed 70.0-1
Current 71.0-1 [extra]
Ticket None
Created Sat Oct 26 17:47:06 2019
Issue Severity Remote Type Description
CVE-2019-17002 Low Yes Access restriction bypass
An issue has been found in Firefox before 70.0 where, if upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and...
CVE-2019-17001 Medium Yes Access restriction bypass
A CSP bypass has been found in Firefox 69, where a Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute...
CVE-2019-17000 Medium Yes Access restriction bypass
A CSP bypass has been found in Firefox 69, where an object tag with a data URI did not correctly inherit the document's Content Security Policy. This...
CVE-2019-15903 Medium Yes Denial of service
A security issue has been found in libexpat before 2.2.8, where crafted XML input could fool the parser into changing from DTD parsing to document parsing...
CVE-2019-11765 Medium Yes Insufficient validation
Incorrect permissions could be granted to a website in Firefox before 70.0. A compromised content process could send a message to the parent process that...
CVE-2019-11764 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 70.0 and Thunderbird before 68.2. Some of these bugs showed evidence of memory corruption and...
CVE-2019-11763 Medium Yes Insufficient validation
An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where failure to correctly handle null bytes when processing HTML entities...
CVE-2019-11762 Medium Yes Same-origin policy bypass
A same-origin policy bypass has been found in Firefox before 70.0 and Thunderbird before 68.2 where, if two same-origin documents set document.domain...
CVE-2019-11761 Medium Yes Access restriction bypass
An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where by using a form with a data URI it was possible to gain access to the...
CVE-2019-11760 Critical Yes Arbitrary code execution
A fixed-size stack buffer overflow has been found in nrappkit, in the WebRTC signaling code of Firefox before 70.0 and Thunderbird before 68.2.
CVE-2019-11759 Critical Yes Arbitrary code execution
A stack-based buffer overflow has been found in the HKDF output of Firefox before 70.0 and Thunderbird before 68.2. An attacker could have caused 4 bytes of...
CVE-2019-11757 Critical Yes Arbitrary code execution
A use-after-free issue has been found in the IndexedDB component of Firefox before 70.0 and Thunderbird before 68.2. When storing a value in IndexedDB, the...
CVE-2018-6156 Critical Yes Arbitrary code execution
A heap-based buffer overflow has been found in Firefox before 70.0, where an incorrect derivation of a packet length in WebRTC caused heap corruption via a...
Date Advisory Package Description
26 Oct 2019 ASA-201910-16 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/