Vulnerabilities > CVE-2019-11698 - Improper Input Validation vulnerability in Mozilla Firefox

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
mozilla
CWE-20
nessus

Summary

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Vulnerable Configurations

Part Description Count
Application
Mozilla
1085

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3991-3.NASL
    descriptionUSN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. We apologize for the inconvenience. Original advisory details : Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821) It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them in to installing a malicious extension. (CVE-2019-11697) It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698) A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125948
    published2019-06-17
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125948
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : firefox regression (USN-3991-3)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3991-3. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125948);
      script_version("1.4");
      script_cvs_date("Date: 2019/09/18 12:31:49");
    
      script_cve_id("CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11695", "CVE-2019-11696", "CVE-2019-11697", "CVE-2019-11698", "CVE-2019-11699", "CVE-2019-11701", "CVE-2019-7317", "CVE-2019-9800", "CVE-2019-9814", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-9821");
      script_xref(name:"USN", value:"3991-3");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : firefox regression (USN-3991-3)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a
    subsequent regression. The update caused an additional regression that
    resulted in Firefox failing to load correctly after executing it in
    safe mode. This update fixes the problem.
    
    We apologize for the inconvenience.
    
    Original advisory details :
    
    Multiple security issues were discovered in Firefox. If a user were
    tricked in to opening a specially crafted website, an attacker could
    potentially exploit these to cause a denial of service, spoof the
    browser UI, trick the user in to launching local executable binaries,
    obtain sensitive information, conduct cross-site scripting (XSS)
    attacks, or execute arbitrary code. (CVE-2019-11691, CVE-2019-11692,
    CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699,
    CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814,
    CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821)
    
    It was discovered that pressing certain key combinations
    could bypass addon installation prompt delays. If a user
    opened a specially crafted website, an attacker could
    potentially exploit this to trick them in to installing a
    malicious extension. (CVE-2019-11697)
    
    It was discovered that history data could be exposed via
    drag and drop of hyperlinks to and from bookmarks. If a user
    were tricked in to dragging a specially crafted hyperlink to
    the bookmark toolbar or sidebar, and subsequently back in to
    the web content area, an attacker could potentially exploit
    this to obtain sensitive information. (CVE-2019-11698)
    
    A type confusion bug was discovered with object groups and
    UnboxedObjects. If a user were tricked in to opening a
    specially crafted website after enabling the UnboxedObjects
    feature, an attacker could potentially exploit this to
    bypass security checks. (CVE-2019-9816).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3991-3/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|18\.10|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 18.10 / 19.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"firefox", pkgver:"67.0.2+build2-0ubuntu0.16.04.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"firefox", pkgver:"67.0.2+build2-0ubuntu0.18.04.1")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"firefox", pkgver:"67.0.2+build2-0ubuntu0.18.10.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"firefox", pkgver:"67.0.2+build2-0ubuntu0.19.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1309.NASL
    descriptionFrom Red Hat Security Advisory 2019:1309 : An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-04
    plugin id125688
    published2019-06-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125688
    titleOracle Linux 7 : thunderbird (ELSA-2019-1309)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2019:1309 and 
    # Oracle Linux Security Advisory ELSA-2019-1309 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125688);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820");
      script_xref(name:"RHSA", value:"2019:1309");
    
      script_name(english:"Oracle Linux 7 : thunderbird (ELSA-2019-1309)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "From Red Hat Security Advisory 2019:1309 :
    
    An update for thunderbird is now available for Red Hat Enterprise
    Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Mozilla Thunderbird is a standalone mail and newsgroup client.
    
    This update upgrades Thunderbird to version 60.7.0.
    
    Security Fix(es) :
    
    * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
    (CVE-2019-9800)
    
    * Mozilla: Cross-origin theft of images with createImageBitmap
    (CVE-2019-9797)
    
    * Mozilla: Stealing of cross-domain images using canvas
    (CVE-2019-9817)
    
    * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)
    
    * Mozilla: Use-after-free of ChromeEventHandler by DocShell
    (CVE-2019-9820)
    
    * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)
    
    * Mozilla: Use-after-free removing listeners in the event listener
    manager (CVE-2019-11692)
    
    * Mozilla: Buffer overflow in WebGL bufferdata on Linux
    (CVE-2019-11693)
    
    * mozilla: Cross-origin theft of images with
    ImageBitmapRenderingContext (CVE-2018-18511)
    
    * chromium-browser: Out of bounds read in Skia (CVE-2019-5798)
    
    * Mozilla: Theft of user history data through drag and drop of
    hyperlinks to and from bookmarks (CVE-2019-11698)
    
    * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2019-June/008782.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"thunderbird-60.7.0-1.0.1.el7_6", allowmaj:TRUE)) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1267.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-05-24
    plugin id125383
    published2019-05-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125383
    titleRHEL 6 : firefox (RHSA-2019:1267)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:1267. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125383);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
    
      script_cve_id("CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820");
      script_xref(name:"RHSA", value:"2019:1267");
    
      script_name(english:"RHEL 6 : firefox (RHSA-2019:1267)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for firefox is now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Critical. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Mozilla Firefox is an open source web browser, designed for standards
    compliance, performance, and portability.
    
    This update upgrades Firefox to version 60.7.0 ESR.
    
    Security Fix(es) :
    
    * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
    (CVE-2019-9800)
    
    * Mozilla: Cross-origin theft of images with createImageBitmap
    (CVE-2019-9797)
    
    * Mozilla: Type confusion with object groups and UnboxedObjects
    (CVE-2019-9816)
    
    * Mozilla: Stealing of cross-domain images using canvas
    (CVE-2019-9817)
    
    * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)
    
    * Mozilla: Use-after-free of ChromeEventHandler by DocShell
    (CVE-2019-9820)
    
    * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)
    
    * Mozilla: Use-after-free removing listeners in the event listener
    manager (CVE-2019-11692)
    
    * Mozilla: Buffer overflow in WebGL bufferdata on Linux
    (CVE-2019-11693)
    
    * mozilla: Cross-origin theft of images with
    ImageBitmapRenderingContext (CVE-2018-18511)
    
    * chromium-browser: Out of bounds read in Skia (CVE-2019-5798)
    
    * Mozilla: Theft of user history data through drag and drop of
    hyperlinks to and from bookmarks (CVE-2019-11698)
    
    * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2019:1267"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-18511"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-5798"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-7317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-9797"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-9800"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-9816"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-9817"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-9819"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-9820"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-11691"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-11692"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-11693"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-11698"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected firefox and / or firefox-debuginfo packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2019:1267";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"firefox-60.7.0-1.el6_10", allowmaj:TRUE)) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"firefox-60.7.0-1.el6_10", allowmaj:TRUE)) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"firefox-60.7.0-1.el6_10", allowmaj:TRUE)) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"firefox-debuginfo-60.7.0-1.el6_10", allowmaj:TRUE)) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"firefox-debuginfo-60.7.0-1.el6_10", allowmaj:TRUE)) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"firefox-debuginfo-60.7.0-1.el6_10", allowmaj:TRUE)) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-debuginfo");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1534.NASL
    descriptionThis update for MozillaFirefox fixes the following issues : MozillaFirefox was updated to 60.7.0esr (boo#1135824 MFSA 2019-14) : - CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext - CVE-2019-11691: Use-after-free in XMLHttpRequest - CVE-2019-11692: Use-after-free removing listeners in the event listener manager - CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux - CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in Windows sandbox - CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks - CVE-2019-5798: Out-of-bounds read in Skia - CVE-2019-7317: Use-after-free in png_image_free of libpng library - CVE-2019-9797: Cross-origin theft of images with createImageBitmap - CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 - CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS - CVE-2019-9816: Type confusion with object groups and UnboxedObjects - CVE-2019-9817: Stealing of cross-domain images using canvas - CVE-2019-9818: (Windows only) Use-after-free in crash generation server - CVE-2019-9819: Compartment mismatch with fetch API - CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell - CVE-2019-9821: Use-after-free in AssertWorkerThread
    last seen2020-05-31
    modified2019-06-11
    plugin id125809
    published2019-06-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125809
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-2019-1534)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1534.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125809);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26");
    
      script_cve_id("CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-9821");
    
      script_name(english:"openSUSE Security Update : MozillaFirefox (openSUSE-2019-1534)");
      script_summary(english:"Check for the openSUSE-2019-1534 patch");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for MozillaFirefox fixes the following issues :
    
    MozillaFirefox was updated to 60.7.0esr (boo#1135824 MFSA 2019-14) :
    
      - CVE-2018-18511: Cross-origin theft of images with
        ImageBitmapRenderingContext
    
      - CVE-2019-11691: Use-after-free in XMLHttpRequest
    
      - CVE-2019-11692: Use-after-free removing listeners in the
        event listener manager
    
      - CVE-2019-11693: Buffer overflow in WebGL bufferdata on
        Linux
    
      - CVE-2019-11694: (Windows only) Uninitialized memory
        memory leakage in Windows sandbox
    
      - CVE-2019-11698: Theft of user history data through drag
        and drop of hyperlinks to and from bookmarks
    
      - CVE-2019-5798: Out-of-bounds read in Skia
    
      - CVE-2019-7317: Use-after-free in png_image_free of
        libpng library
    
      - CVE-2019-9797: Cross-origin theft of images with
        createImageBitmap
    
      - CVE-2019-9800: Memory safety bugs fixed in Firefox 67
        and Firefox ESR 60.7
    
      - CVE-2019-9815: Disable hyperthreading on content
        JavaScript threads on macOS
    
      - CVE-2019-9816: Type confusion with object groups and
        UnboxedObjects
    
      - CVE-2019-9817: Stealing of cross-domain images using
        canvas
    
      - CVE-2019-9818: (Windows only) Use-after-free in crash
        generation server
    
      - CVE-2019-9819: Compartment mismatch with fetch API
    
      - CVE-2019-9820: Use-after-free of ChromeEventHandler by
        DocShell
    
      - CVE-2019-9821: Use-after-free in AssertWorkerThread"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135824"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected MozillaFirefox packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"MozillaFirefox-60.7.0-lp150.3.54.5") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"MozillaFirefox-debuginfo-60.7.0-lp150.3.54.5") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"MozillaFirefox-debugsource-60.7.0-lp150.3.54.5") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"MozillaFirefox-devel-60.7.0-lp150.3.54.5") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"MozillaFirefox-translations-common-60.7.0-lp150.3.54.5") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"MozillaFirefox-translations-other-60.7.0-lp150.3.54.5") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190524_FIREFOX_ON_SL7_X.NASL
    descriptionThis update upgrades Firefox to version 60.7.0 ESR. Security Fix(es) : - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) - Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) - Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) - Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) - Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) - Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) - Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) - Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) - Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) - mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) - chromium-browser: Out of bounds read in Skia (CVE-2019-5798) - Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) - libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
    last seen2020-05-31
    modified2019-05-28
    plugin id125449
    published2019-05-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125449
    titleScientific Linux Security Update : firefox on SL7.x x86_64 (20190524)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1309.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-04
    plugin id125691
    published2019-06-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125691
    titleRHEL 7 : thunderbird (RHSA-2019:1309)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_FIREFOX_67_0.NASL
    descriptionThe version of Firefox installed on the remote macOS or Mac OS X host is prior to 67.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-13 advisory. - If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change. (CVE-2019-9815) - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases. (CVE-2019-9816) - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. (CVE-2019-9817) - A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected. (CVE-2019-9818) - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. (CVE-2019-9819) - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. (CVE-2019-9820) - A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. (CVE-2019-9821) - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. (CVE-2019-11691) - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. (CVE-2019-11692) - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. (CVE-2019-11693) - A use-after-free vulnerability was discovered in the pngimagefree function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed. (CVE-2019-7317) - A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-11694) - A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface. (CVE-2019-11695) - Files with the .JNLP extension used for Java web start applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. (CVE-2019-11696) - If the ALT and a keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. (CVE-2019-11697) - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id125360
    published2019-05-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125360
    titleMozilla Firefox < 67.0
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3991-2.NASL
    descriptionUSN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory details : Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821) It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them in to installing a malicious extension. (CVE-2019-11697) It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698) A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125766
    published2019-06-07
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125766
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : firefox regression (USN-3991-2)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1800.NASL
    descriptionMultiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id125374
    published2019-05-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125374
    titleDebian DLA-1800-1 : firefox-esr security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1310.NASL
    descriptionFrom Red Hat Security Advisory 2019:1310 : An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-04
    plugin id125689
    published2019-06-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125689
    titleOracle Linux 6 : thunderbird (ELSA-2019-1310)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_THUNDERBIRD_60_7.NASL
    descriptionThe version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-15 advisory. - If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change. (CVE-2019-9815) - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases. (CVE-2019-9816) - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. (CVE-2019-9817) - A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected. (CVE-2019-9818) - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. (CVE-2019-9819) - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. (CVE-2019-9820) - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. (CVE-2019-11691) - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. (CVE-2019-11692) - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. (CVE-2019-11693) - A use-after-free vulnerability was discovered in the pngimagefree function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed. (CVE-2019-7317) - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. (CVE-2019-9797) - Cross-origin images can be read from a canvas element in violation of the same- origin policy using the transferFromImageBitmap method. (CVE-2018-18511) - A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-11694) - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id125358
    published2019-05-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125358
    titleMozilla Thunderbird < 60.7
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1269.NASL
    descriptionFrom Red Hat Security Advisory 2019:1269 : An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-08-12
    plugin id127587
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127587
    titleOracle Linux 8 : firefox (ELSA-2019-1269)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1806.NASL
    descriptionMultiple security issues have been found in Thunderbird: Multiple vulnerabilities may lead to the execution of arbitrary code or denial of service. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id125412
    published2019-05-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125412
    titleDebian DLA-1806-1 : thunderbird security update
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190523_FIREFOX_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) - Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) - Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) - Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) - Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) - Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) - Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) - Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) - Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) - mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) - chromium-browser: Out of bounds read in Skia (CVE-2019-5798) - Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) - libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
    last seen2020-05-31
    modified2019-05-28
    plugin id125447
    published2019-05-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125447
    titleScientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190523)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_FIREFOX_60_7_ESR.NASL
    descriptionThe version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-14 advisory. - If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change. (CVE-2019-9815) - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases. (CVE-2019-9816) - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. (CVE-2019-9817) - A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected. (CVE-2019-9818) - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. (CVE-2019-9819) - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. (CVE-2019-9820) - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. (CVE-2019-11691) - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. (CVE-2019-11692) - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. (CVE-2019-11693) - A use-after-free vulnerability was discovered in the pngimagefree function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed. (CVE-2019-7317) - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. (CVE-2019-9797) - Cross-origin images can be read from a canvas element in violation of the same- origin policy using the transferFromImageBitmap method. (CVE-2018-18511) - A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-11694) - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id125362
    published2019-05-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125362
    titleMozilla Firefox ESR < 60.7
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4451.NASL
    descriptionMultiple security issues have been found in Thunderbird: Multiple vulnerabilities may lead to the execution of arbitrary code or denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id125415
    published2019-05-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125415
    titleDebian DSA-4451-1 : thunderbird - security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1310.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-04
    plugin id125692
    published2019-06-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125692
    titleRHEL 6 : thunderbird (RHSA-2019:1310)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-1267.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id125554
    published2019-05-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125554
    titleCentOS 6 : firefox (CESA-2019:1267)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1269.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-05-24
    plugin id125385
    published2019-05-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125385
    titleRHEL 8 : firefox (RHSA-2019:1269)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1229.NASL
    descriptionMozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. (CVE-2019-9797) Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2019-5798) Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute. (CVE-2019-9817) libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. (CVE-2018-18511)
    last seen2020-05-31
    modified2019-06-14
    plugin id125901
    published2019-06-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125901
    titleAmazon Linux 2 : thunderbird (ALAS-2019-1229)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0158_THUNDERBIRD.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - png_image_free in png.c in libpng 1.6.36 has a use- after-free because png_image_free_function is called under png_safe_execute. (CVE-2019-7317) - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id127438
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127438
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0158)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0169_THUNDERBIRD.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (CVE-2019-5785) - The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. (CVE-2019-9791) - A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren
    last seen2020-06-01
    modified2020-06-02
    plugin id127459
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127459
    titleNewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0169)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0178_THUNDERBIRD.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.06, has thunderbird packages installed that are affected by multiple vulnerabilities: - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2019-5798) - Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. (CVE-2018-18511) - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. (CVE-2019-9797) - A flaw in Thunderbird
    last seen2020-06-01
    modified2020-06-02
    plugin id128698
    published2019-09-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128698
    titleNewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0178)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190604_THUNDERBIRD_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) - Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) - Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) - Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) - Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) - Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) - Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) - Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) - mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) - chromium-browser: Out of bounds read in Skia (CVE-2019-5798) - Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) - libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
    last seen2020-05-31
    modified2019-06-05
    plugin id125716
    published2019-06-05
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125716
    titleScientific Linux Security Update : thunderbird on SL7.x x86_64 (20190604)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1308.NASL
    descriptionFrom Red Hat Security Advisory 2019:1308 : An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-08-12
    plugin id127589
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127589
    titleOracle Linux 8 : thunderbird (ELSA-2019-1308)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_60_7_ESR.NASL
    descriptionThe version of Firefox ESR installed on the remote Windows host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-14 advisory. - If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change. (CVE-2019-9815) - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases. (CVE-2019-9816) - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. (CVE-2019-9817) - A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected. (CVE-2019-9818) - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. (CVE-2019-9819) - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. (CVE-2019-9820) - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. (CVE-2019-11691) - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. (CVE-2019-11692) - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. (CVE-2019-11693) - A use-after-free vulnerability was discovered in the pngimagefree function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed. (CVE-2019-7317) - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. (CVE-2019-9797) - Cross-origin images can be read from a canvas element in violation of the same- origin policy using the transferFromImageBitmap method. (CVE-2018-18511) - A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-11694) - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id125363
    published2019-05-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125363
    titleMozilla Firefox ESR < 60.7
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0088_THUNDERBIRD.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - png_image_free in png.c in libpng 1.6.36 has a use- after-free because png_image_free_function is called under png_safe_execute. (CVE-2019-7317) - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (CVE-2019-11698, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820) - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2019-5798) - Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. (CVE-2018-18511) - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. (CVE-2019-9797) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127305
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127305
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0088)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1265.NASL
    descriptionFrom Red Hat Security Advisory 2019:1265 : An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-05-28
    plugin id125443
    published2019-05-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125443
    titleOracle Linux 7 : firefox (ELSA-2019-1265)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-1265.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id125553
    published2019-05-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125553
    titleCentOS 7 : firefox (CESA-2019:1265)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_44B6DFBF4EF74D52AD522B1B05D81272.NASL
    descriptionMozilla Foundation reports : CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9818: Use-after-free in crash generation server CVE-2019-9819: Compartment mismatch with fetch API CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell CVE-2019-9821: Use-after-free in AssertWorkerThread CVE-2019-11691: Use-after-free in XMLHttpRequest CVE-2019-11692: Use-after-free removing listeners in the event listener manager CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux CVE-2019-7317: Use-after-free in png_image_free of libpng library CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox CVE-2019-11695: Custom cursor can render over user interface outside of web content CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks CVE-2019-11700: res: protocol can be used to open known local files CVE-2019-11699: Incorrect domain name highlighting during page navigation CVE-2019-11701: webcal: protocol default handler loads vulnerable web page CVE-2019-9814: Memory safety bugs fixed in Firefox 67 CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
    last seen2020-06-01
    modified2020-06-02
    plugin id125346
    published2019-05-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125346
    titleFreeBSD : mozilla -- multiple vulnerabilities (44b6dfbf-4ef7-4d52-ad52-2b1b05d81272)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_60_7.NASL
    descriptionThe version of Thunderbird installed on the remote Windows host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-15 advisory. - If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change. (CVE-2019-9815) - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases. (CVE-2019-9816) - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. (CVE-2019-9817) - A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected. (CVE-2019-9818) - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. (CVE-2019-9819) - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. (CVE-2019-9820) - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. (CVE-2019-11691) - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. (CVE-2019-11692) - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. (CVE-2019-11693) - A use-after-free vulnerability was discovered in the pngimagefree function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed. (CVE-2019-7317) - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. (CVE-2019-9797) - Cross-origin images can be read from a canvas element in violation of the same- origin policy using the transferFromImageBitmap method. (CVE-2018-18511) - A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-11694) - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id125359
    published2019-05-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125359
    titleMozilla Thunderbird < 60.7
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4448.NASL
    descriptionMultiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id125343
    published2019-05-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125343
    titleDebian DSA-4448-1 : firefox-esr - security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3991-1.NASL
    descriptionMultiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821) It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them in to installing a malicious extension. (CVE-2019-11697) It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698) A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125339
    published2019-05-22
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125339
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : firefox vulnerabilities (USN-3991-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1388-1.NASL
    descriptionThis update for MozillaFirefox fixes the following issues : Security issues fixed : CVE-2019-11691: Use-after-free in XMLHttpRequest CVE-2019-11692: Use-after-free removing listeners in the event listener manager CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks CVE-2019-7317: Use-after-free in png_image_free of libpng library CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9818: Use-after-free in crash generation server CVE-2019-9819: Compartment mismatch with fetch API CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell Non-security issues fixed: Font and date adjustments to accommodate the new Reiwa era in Japan Update to Firefox ESR 60.7 (bsc#1135824) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125672
    published2019-06-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125672
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:1388-1)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0159_FIREFOX.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9816) - png_image_free in png.c in libpng 1.6.36 has a use- after-free because png_image_free_function is called under png_safe_execute. (CVE-2019-7317) - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id127439
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127439
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0159)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1267.NASL
    descriptionFrom Red Hat Security Advisory 2019:1267 : An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-05-28
    plugin id125444
    published2019-05-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125444
    titleOracle Linux 6 : firefox (ELSA-2019-1267)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0175_FIREFOX.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2019-5798) - Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. (CVE-2018-18511) - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. (CVE-2019-9797) - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user
    last seen2020-06-01
    modified2020-06-02
    plugin id128691
    published2019-09-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128691
    titleNewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0175)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1308.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-04
    plugin id125690
    published2019-06-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125690
    titleRHEL 8 : thunderbird (RHSA-2019:1308)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0167_FIREFOX.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9816) - png_image_free in png.c in libpng 1.6.36 has a use- after-free because png_image_free_function is called under png_safe_execute. (CVE-2019-7317) - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id127455
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127455
    titleNewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0167)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1484.NASL
    descriptionThis update for MozillaThunderbird fixes the following issues : Mozilla Thunderbird was updated to 60.7.0 - Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut Security issues fixed (MFSA 2019-15 boo#1135824) : - CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext - CVE-2019-11691: Use-after-free in XMLHttpRequest - CVE-2019-11692: Use-after-free removing listeners in the event listener manager - CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux - CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in Windows sandbox - CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks - CVE-2019-5798: Out-of-bounds read in Skia - CVE-2019-7317: Use-after-free in png_image_free of libpng library - CVE-2019-9797: Cross-origin theft of images with createImageBitmap - CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 - CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS - CVE-2019-9816: Type confusion with object groups and UnboxedObjects - CVE-2019-9817: Stealing of cross-domain images using canvas - CVE-2019-9818: Use-after-free in crash generation server - CVE-2019-9819: Compartment mismatch with fetch API - CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell - Disable LTO (boo#1133267). - Add patch to fix build using rust-1.33: (boo#1130694)
    last seen2020-06-01
    modified2020-06-02
    plugin id125669
    published2019-06-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125669
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-2019-1484)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1265.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-05-24
    plugin id125382
    published2019-05-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125382
    titleRHEL 7 : firefox (RHSA-2019:1265)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0087_FIREFOX.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (CVE-2019-9816, CVE-2019-11698, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820) - png_image_free in png.c in libpng 1.6.36 has a use- after-free because png_image_free_function is called under png_safe_execute. (CVE-2019-7317) - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2019-5798) - Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. (CVE-2018-18511) - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. (CVE-2019-9797) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127304
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127304
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0087)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3997-1.NASL
    descriptionMultiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin protections, or execute arbitrary code. (CVE-2019-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-9797, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2019-5798, CVE-2019-7317) A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website in a browsing context after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816) It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to a bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125545
    published2019-05-29
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125545
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : thunderbird vulnerabilities (USN-3997-1)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_67_0.NASL
    descriptionThe version of Firefox installed on the remote Windows host is prior to 67.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-13 advisory. - If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change. (CVE-2019-9815) - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases. (CVE-2019-9816) - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. (CVE-2019-9817) - A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. Note: this vulnerability only affects Windows. Other operating systems are unaffected. (CVE-2019-9818) - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. (CVE-2019-9819) - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. (CVE-2019-9820) - A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. (CVE-2019-9821) - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. (CVE-2019-11691) - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. (CVE-2019-11692) - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. (CVE-2019-11693) - A use-after-free vulnerability was discovered in the pngimagefree function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed. (CVE-2019-7317) - A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-11694) - A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface. (CVE-2019-11695) - Files with the .JNLP extension used for Java web start applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. (CVE-2019-11696) - If the ALT and a keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. (CVE-2019-11697) - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id125361
    published2019-05-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125361
    titleMozilla Firefox < 67.0
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1405-1.NASL
    descriptionThis update for MozillaFirefox fixes the following issues : Security issues fixed : CVE-2019-11691: Use-after-free in XMLHttpRequest CVE-2019-11692: Use-after-free removing listeners in the event listener manager CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks CVE-2019-7317: Use-after-free in png_image_free of libpng library CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9818: Use-after-free in crash generation server CVE-2019-9819: Compartment mismatch with fetch API CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell Non-security issues fixed: Font and date adjustments to accommodate the new Reiwa era in Japan Update to Firefox ESR 60.7 (bsc#1135824) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125702
    published2019-06-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125702
    titleSUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:1405-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-1310.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-11
    plugin id125803
    published2019-06-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125803
    titleCentOS 6 : thunderbird (CESA-2019:1310)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-1309.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) * Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) * Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) * mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) * chromium-browser: Out of bounds read in Skia (CVE-2019-5798) * Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-11
    plugin id125802
    published2019-06-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125802
    titleCentOS 7 : thunderbird (CESA-2019:1309)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190604_THUNDERBIRD_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) - Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) - Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) - Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) - Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) - Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691) - Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692) - Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693) - mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511) - chromium-browser: Out of bounds read in Skia (CVE-2019-5798) - Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698) - libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
    last seen2020-05-31
    modified2019-06-05
    plugin id125715
    published2019-06-05
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125715
    titleScientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190604)

Redhat

rpms
  • firefox-0:60.7.0-1.el7_6
  • firefox-debuginfo-0:60.7.0-1.el7_6
  • firefox-0:60.7.0-1.el6_10
  • firefox-debuginfo-0:60.7.0-1.el6_10
  • firefox-0:60.7.0-1.el8_0
  • firefox-debuginfo-0:60.7.0-1.el8_0
  • firefox-debugsource-0:60.7.0-1.el8_0
  • thunderbird-0:60.7.0-1.el8_0
  • thunderbird-debuginfo-0:60.7.0-1.el8_0
  • thunderbird-debugsource-0:60.7.0-1.el8_0
  • thunderbird-0:60.7.0-1.el7_6
  • thunderbird-debuginfo-0:60.7.0-1.el7_6
  • thunderbird-0:60.7.0-1.el6_10
  • thunderbird-debuginfo-0:60.7.0-1.el6_10