Mozilla Firefox ESR Security Updates(mfsa_2019-25_2019-27_01)-Windows

Technical Details

Severity Level:

High Severity

CVSS Score:

10.0

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary:
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Multiple flaws exist due to:
- Multiple use-after-free errors.
- A same-origin policy violation.
- Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location.
- Sandbox escape through Firefox Sync.
- Navigation events were not fully adhering to the W3C's 'Navigation-Timing Level 2' draft specification in some instances for the unload event.
- Some HTML elements, such as and <textarea>, can contain literal angle brackets without treating them as markup.
- Memory safety bugs.

Impact:
Successful exploitation allows attackers to cause denial of service, escalate privileges, conduct cross-site scripting attacks and disclose sensitive information.

Affected Versions:
Mozilla Firefox ESR version before 60.9 on Windows.

Recommendations:
Upgrade to Mozilla Firefox ESR version 60.9 or later. Please see the references for more information.

Solution Type:
Vendor Patch

Detection Type:
Windows Registry

Family:
General

Creation Time:
2019-09-05 05:58:56

Modification Time:
2019-09-05 09:53:24

NVD CVE ID:
CVE-2019-11746
CVE-2019-11744
CVE-2019-11742
CVE-2019-11753
CVE-2019-11752
CVE-2019-9812
CVE-2019-11743
CVE-2019-11740