AVG-1084 log

Package firefox
Status Fixed
Severity Critical
Type multiple issues
Affected 71.0-1
Fixed 72.0-1
Current 133.0.3-2 [extra]
Ticket None
Created Wed Jan 8 08:52:31 2020
Issue Severity Remote Type Description
CVE-2019-17025 Critical Yes Arbitrary code execution
Several memory safety issues have been found in Firefox before 72.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-17024 Critical Yes Arbitrary code execution
Several memory safety issues have been found in Firefox before 72.0, Firefox ESR before 68.4.1, and Thunderbird before 68.3. Some of these bugs showed...
CVE-2019-17023 Low Yes Denial of service
A security issue has been found in the NSS component of Firefox before 72.0. After a HelloRetryRequest has been sent, the client may negotiate a lower...
CVE-2019-17022 Medium Yes Insufficient validation
A security issue has been found in Firefox before 72.0, and Thunderbird before 68.4.1 where CSS sanitization does not escape HTML tags. When pasting a...
CVE-2019-17020 Medium Yes Access restriction bypass
A Content Security Policy bypass has been found in Firefox before 72.0, where the CSP is not applied to XSL stylesheets applied to XML documents. If the XSL...
CVE-2019-17017 Critical Yes Arbitrary code execution
A type confusion issue has been found in Firefox before 72.0, and Thunderbird before 68.4.1, in XPCVariant.cpp where, due to a missing case handling object...
CVE-2019-17016 High Yes Insufficient validation
A security issue has been found in Firefox before 72.0, and Thunderbird before 68.4.1. When pasting a <style> tag from the clipboard into a rich text...
Date Advisory Package Type
08 Jan 2020 ASA-202001-1 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/