Ubuntu Update for firefox USN-3991-3

Technical Details

Severity Level:

Low Severity

CVSS Score:

2.6

CVSS Base Vector:
AV:N/AC:H/Au:N/C:N/I:N/A:P

Summary:
The remote host is missing an update for the 'firefox' Linux Distribution Package(s) announced via the USN-3991-3 advisory.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user into launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821)

It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them into installing a malicious extension. (CVE-2019-11697)

It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked into dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back into the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698)

A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked into opening a specially crafted website after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816)

Affected Versions:
'firefox' Linux Distribution Package(s) on Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Recommendations:
Please install the updated Linux Distribution Package(s).

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

Family:

Ubuntu Local Security Checks

Creation Time:

2019-06-15 02:00:31

Modification Time:

2019-06-20 06:01:12


NVD CVE ID:
CVE-2019-11691
CVE-2019-11692
CVE-2019-11693
CVE-2019-11695
CVE-2019-11696
CVE-2019-11699
CVE-2019-11701
CVE-2019-7317
CVE-2019-9800
CVE-2019-9814
CVE-2019-9817
CVE-2019-9819
CVE-2019-9820
CVE-2019-9821
CVE-2019-11697
CVE-2019-11698
CVE-2019-9816
