AVG-1071 log

Package firefox
Status Fixed
Severity Critical
Type multiple issues
Affected 70.0.1-3
Fixed 71.0-1
Current 71.0-1 [extra]
Ticket None
Created Tue Dec 3 19:34:26 2019
Issue Severity Remote Type Description
CVE-2019-17014 Medium Yes Information disclosure
An information disclosure issue has been found in Firefox before 71.0 where, if an image had not loaded correctly (such as when it is not actually an...
CVE-2019-17013 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 71.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-17012 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 71.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-17011 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox before 71.0. Under certain conditions, when retrieving a document from a DocShell in the...
CVE-2019-17010 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox before 71.0. Under certain conditions, when checking the Resist Fingerprinting preference during...
CVE-2019-17009 Medium No Privilege escalation
A privilege escalation vulnerability has been found in Firefox before 71.0. When running, the updater service wrote status and log files to an unrestricted...
CVE-2019-17008 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox before 71.0. When using nested workers, a use-after-free could occur during worker destruction....
CVE-2019-17005 High Yes Arbitrary code execution
An out-of-bounds write vulnerability has been found in Firefox before 71.0 where the plain text serializer used a fixed-size array for the number of...
CVE-2019-11756 High Yes Denial of service
A use-after-free vulnerability has been found in Firefox before 71.0 where improper reference counting of soft token session objects could cause a...
CVE-2019-11745 Critical Yes Arbitrary code execution
An out-of-bounds write vulnerability has been found in the NSS component of Firefox before 71.0. When encrypting with a block cipher, if a call to...
Date Advisory Package Description
03 Dec 2019 ASA-201912-1 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/