Vulnerabilities > CVE-2019-11710 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
mozilla
opensuse
CWE-787
critical
nessus

Summary

Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68.

Vulnerable Configurations

Part Description Count
Application
Mozilla
600
OS
Opensuse
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4054-2.NASL
    descriptionUSN-4054-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details : A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811) Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, conduct cross-site request forgery (CSRF) attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. (CVE-2019-11709, CVE-2019-11710, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11714, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717, CVE-2019-11718, CVE-2019-11719, CVE-2019-11720, CVE-2019-11721, CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727, CVE-2019-11728, CVE-2019-11729) It was discovered that Firefox treats all files in a directory as same origin. If a user were tricked in to downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2019-11730). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127093
    published2019-07-26
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127093
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 : firefox regressions (USN-4054-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4054-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127093);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2019-11709", "CVE-2019-11710", "CVE-2019-11711", "CVE-2019-11712", "CVE-2019-11713", "CVE-2019-11714", "CVE-2019-11715", "CVE-2019-11716", "CVE-2019-11717", "CVE-2019-11718", "CVE-2019-11719", "CVE-2019-11720", "CVE-2019-11721", "CVE-2019-11723", "CVE-2019-11724", "CVE-2019-11725", "CVE-2019-11727", "CVE-2019-11728", "CVE-2019-11729", "CVE-2019-11730", "CVE-2019-9811");
      script_xref(name:"USN", value:"4054-2");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : firefox regressions (USN-4054-2)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-4054-1 fixed vulnerabilities in Firefox. The update introduced
    various minor regressions. This update fixes the problems.
    
    We apologize for the inconvenience.
    
    Original advisory details :
    
    A sandbox escape was discovered in Firefox. If a user were tricked in
    to installing a malicious language pack, an attacker could exploit
    this to gain additional privileges. (CVE-2019-9811)
    
    Multiple security issues were discovered in Firefox. If a
    user were tricked in to opening a specially crafted website,
    an attacker could potentially exploit these to cause a
    denial of service, obtain sensitive information, bypass same
    origin restrictions, conduct cross-site scripting (XSS)
    attacks, conduct cross-site request forgery (CSRF) attacks,
    spoof origin attributes, spoof the addressbar contents,
    bypass safebrowsing protections, or execute arbitrary code.
    (CVE-2019-11709, CVE-2019-11710, CVE-2019-11711,
    CVE-2019-11712, CVE-2019-11713, CVE-2019-11714,
    CVE-2019-11715, CVE-2019-11716, CVE-2019-11717,
    CVE-2019-11718, CVE-2019-11719, CVE-2019-11720,
    CVE-2019-11721, CVE-2019-11723, CVE-2019-11724,
    CVE-2019-11725, CVE-2019-11727, CVE-2019-11728,
    CVE-2019-11729)
    
    It was discovered that Firefox treats all files in a
    directory as same origin. If a user were tricked in to
    downloading a specially crafted HTML file, an attacker could
    potentially exploit this to obtain sensitive information
    from local files. (CVE-2019-11730).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4054-2/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11716");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"firefox", pkgver:"68.0.1+build1-0ubuntu0.16.04.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"firefox", pkgver:"68.0.1+build1-0ubuntu0.18.04.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"firefox", pkgver:"68.0.1+build1-0ubuntu0.19.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2251.NASL
    descriptionThis update for MozillaFirefox to 68.1 fixes the following issues : Security issues fixed : - CVE-2019-9811: Fixed a sandbox escape via installation of malicious language pack. (bsc#1140868) - CVE-2019-9812: Fixed a sandbox escape through Firefox Sync. (bsc#1149294) - CVE-2019-11710: Fixed several memory safety bugs. (bsc#1140868) - CVE-2019-11714: Fixed a potentially exploitable crash in Necko. (bsc#1140868) - CVE-2019-11716: Fixed a sandbox bypass. (bsc#1140868) - CVE-2019-11718: Fixed inadequate sanitation in the Activity Stream component. (bsc#1140868) - CVE-2019-11720: Fixed a character encoding XSS vulnerability. (bsc#1140868) - CVE-2019-11721: Fixed a homograph domain spoofing issue through unicode latin
    last seen2020-06-01
    modified2020-06-02
    plugin id129664
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129664
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-2019-2251)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_FIREFOX_68_0.NASL
    descriptionThe version of Firefox installed on the remote macOS or Mac OS X host is prior to 68.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-21 advisory. - As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. (CVE-2019-9811) - When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. (CVE-2019-11711) - POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. (CVE-2019-11712) - A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. (CVE-2019-11713) - Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. (CVE-2019-11714) - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. (CVE-2019-11729) - Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. (CVE-2019-11715) - Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. (CVE-2019-11716) - A vulnerability exists where the caret (^) character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. (CVE-2019-11717) - Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. (CVE-2019-11718) - When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. (CVE-2019-11719) - Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. (CVE-2019-11720) - The unicode latin
    last seen2020-06-01
    modified2020-06-02
    plugin id126621
    published2019-07-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126621
    titleMozilla Firefox < 68.0
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201908-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201908-12 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id127961
    published2019-08-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127961
    titleGLSA-201908-12 : Mozilla Firefox: Multiple vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_0592F49FB3B84260B648D1718762656C.NASL
    descriptionMozilla Foundation reports : CVE-2019-9811: Sandbox escape via installation of malicious language pack CVE-2019-11711: Script injection within domain through inner window reuse CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects CVE-2019-11713: Use-after-free with HTTP/2 cached stream CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault CVE-2019-11715: HTML parsing error can contribute to content XSS CVE-2019-11716: globalThis not enumerable until accessed CVE-2019-11717: Caret character improperly escaped in origins CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML CVE-2019-11719: Out-of-bounds read when importing curve25519 private key CVE-2019-11720: Character encoding XSS vulnerability CVE-2019-11721: Domain spoofing through unicode latin
    last seen2020-06-01
    modified2020-06-02
    plugin id126592
    published2019-07-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126592
    titleFreeBSD : mozilla -- multiple vulnerabilities (0592f49f-b3b8-4260-b648-d1718762656c)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_68_0.NASL
    descriptionThe version of Thunderbird installed on the remote Windows host is prior to 68.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-28 advisory. - When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11711) - POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11712) - A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11713) - Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68. (CVE-2019-11714) - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729) - Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11715) - Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68. (CVE-2019-11716) - A vulnerability exists where the caret (^) character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11717) - When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11719) - Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68. (CVE-2019-11720) - The unicode latin
    last seen2020-06-01
    modified2020-06-02
    plugin id128970
    published2019-09-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128970
    titleMozilla Thunderbird < 68.0
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2545-1.NASL
    descriptionThis update for MozillaFirefox to 68.1 fixes the following issues : Security issues fixed : CVE-2019-9811: Fixed a sandbox escape via installation of malicious language pack. (bsc#1140868) CVE-2019-9812: Fixed a sandbox escape through Firefox Sync. (bsc#1149294) CVE-2019-11710: Fixed several memory safety bugs. (bsc#1140868) CVE-2019-11714: Fixed a potentially exploitable crash in Necko. (bsc#1140868) CVE-2019-11716: Fixed a sandbox bypass. (bsc#1140868) CVE-2019-11718: Fixed inadequate sanitation in the Activity Stream component. (bsc#1140868) CVE-2019-11720: Fixed a character encoding XSS vulnerability. (bsc#1140868) CVE-2019-11721: Fixed a homograph domain spoofing issue through unicode latin
    last seen2020-06-01
    modified2020-06-02
    plugin id129583
    published2019-10-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129583
    titleSUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:2545-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2620-1.NASL
    descriptionThis update for MozillaFirefox fixes the following issues : Updated to new ESR version 68.1 (bsc#1149323). In addition to the already fixed vulnerabilities released in previous ESR updates, the following were also fixed: CVE-2019-11751, CVE-2019-11736, CVE-2019-9812, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735. Several run-time issues were also resolved (bsc#1117473, bsc#1124525, bsc#1133810). The version displayed in Help > About is now correct (bsc#1087200). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129772
    published2019-10-10
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129772
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:2620-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2248.NASL
    descriptionThis update for MozillaThunderbird to version 68.1.1 fixes the following issues : - CVE-2019-11709: Fixed several memory safety bugs. (bsc#1140868) - CVE-2019-11710: Fixed several memory safety bugs. (bsc#1140868) - CVE-2019-11711: Fixed a script injection within domain through inner window reuse. (bsc#1140868) - CVE-2019-11712: Fixed an insufficient validation of cross-origin POST requests within NPAPI plugins. (bsc#1140868) - CVE-2019-11713: Fixed a use-after-free with HTTP/2 cached stream. (bsc#1140868) - CVE-2019-11714: Fixed a crash in NeckoChild. (bsc#1140868) - CVE-2019-11715: Fixed an HTML parsing error that can contribute to content XSS. (bsc#1140868) - CVE-2019-11716: Fixed an enumeration issue in globalThis. (bsc#1140868) - CVE-2019-11717: Fixed an improper escaping of the caret character in origins. (bsc#1140868) - CVE-2019-11719: Fixed an out-of-bounds read when importing curve25519 private key. (bsc#1140868) - CVE-2019-11720: Fixed a character encoding XSS vulnerability. (bsc#1140868) - CVE-2019-11721: Fixed domain spoofing through unicode latin
    last seen2020-06-01
    modified2020-06-02
    plugin id129662
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129662
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-2019-2248)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4054-1.NASL
    descriptionA sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811) Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, conduct cross-site request forgery (CSRF) attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. (CVE-2019-11709, CVE-2019-11710, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11714, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717, CVE-2019-11718, CVE-2019-11719, CVE-2019-11720, CVE-2019-11721, CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727, CVE-2019-11728, CVE-2019-11729) It was discovered that Firefox treats all files in a directory as same origin. If a user were tricked in to downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2019-11730). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126698
    published2019-07-15
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126698
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : firefox vulnerabilities (USN-4054-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2260.NASL
    descriptionThis update for MozillaFirefox to 68.1 fixes the following issues : Security issues fixed : - CVE-2019-9811: Fixed a sandbox escape via installation of malicious language pack. (bsc#1140868) - CVE-2019-9812: Fixed a sandbox escape through Firefox Sync. (bsc#1149294) - CVE-2019-11710: Fixed several memory safety bugs. (bsc#1140868) - CVE-2019-11714: Fixed a potentially exploitable crash in Necko. (bsc#1140868) - CVE-2019-11716: Fixed a sandbox bypass. (bsc#1140868) - CVE-2019-11718: Fixed inadequate sanitation in the Activity Stream component. (bsc#1140868) - CVE-2019-11720: Fixed a character encoding XSS vulnerability. (bsc#1140868) - CVE-2019-11721: Fixed a homograph domain spoofing issue through unicode latin
    last seen2020-06-01
    modified2020-06-02
    plugin id129665
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129665
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-2019-2260)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2249.NASL
    descriptionThis update for MozillaThunderbird to version 68.1.1 fixes the following issues : - CVE-2019-11709: Fixed several memory safety bugs. (bsc#1140868) - CVE-2019-11710: Fixed several memory safety bugs. (bsc#1140868) - CVE-2019-11711: Fixed a script injection within domain through inner window reuse. (bsc#1140868) - CVE-2019-11712: Fixed an insufficient validation of cross-origin POST requests within NPAPI plugins. (bsc#1140868) - CVE-2019-11713: Fixed a use-after-free with HTTP/2 cached stream. (bsc#1140868) - CVE-2019-11714: Fixed a crash in NeckoChild. (bsc#1140868) - CVE-2019-11715: Fixed an HTML parsing error that can contribute to content XSS. (bsc#1140868) - CVE-2019-11716: Fixed an enumeration issue in globalThis. (bsc#1140868) - CVE-2019-11717: Fixed an improper escaping of the caret character in origins. (bsc#1140868) - CVE-2019-11719: Fixed an out-of-bounds read when importing curve25519 private key. (bsc#1140868) - CVE-2019-11720: Fixed a character encoding XSS vulnerability. (bsc#1140868) - CVE-2019-11721: Fixed domain spoofing through unicode latin
    last seen2020-06-01
    modified2020-06-02
    plugin id129663
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129663
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-2019-2249)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_68_0.NASL
    descriptionThe version of Firefox installed on the remote Windows host is prior to 68.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-21 advisory. - As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. (CVE-2019-9811) - When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. (CVE-2019-11711) - POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. (CVE-2019-11712) - A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. (CVE-2019-11713) - Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. (CVE-2019-11714) - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. (CVE-2019-11729) - Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. (CVE-2019-11715) - Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. (CVE-2019-11716) - A vulnerability exists where the caret (^) character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. (CVE-2019-11717) - Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. (CVE-2019-11718) - When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. (CVE-2019-11719) - Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. (CVE-2019-11720) - The unicode latin
    last seen2020-06-01
    modified2020-06-02
    plugin id126622
    published2019-07-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126622
    titleMozilla Firefox < 68.0
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_THUNDERBIRD_68_0.NASL
    descriptionThe version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-28 advisory. - When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11711) - POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11712) - A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11713) - Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68. (CVE-2019-11714) - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729) - Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11715) - Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68. (CVE-2019-11716) - A vulnerability exists where the caret (^) character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11717) - When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11719) - Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68. (CVE-2019-11720) - The unicode latin
    last seen2020-06-01
    modified2020-06-02
    plugin id128969
    published2019-09-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128969
    titleMozilla Thunderbird < 68.0