Vulnerability Details

Mozilla Firefox ESR Security Updates(mfsa_2019-25_2019-27_01)-Windows

Published: 2019-09-05 05:58:56
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary:
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Multiple flaws exist due to:
- Multiple use-after-free errors.
- A same-origin policy violation.
- Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location.
- Sandbox escape through Firefox Sync.
- Navigation events were not fully adhering to the W3C's 'Navigation-Timing Level 2' draft specification in some instances for the unload event.
- Some HTML elements, such as <textarea>, can contain literal angle brackets without treating them as markup.
- Memory safety bugs.

Impact:
Successful exploitation allows attackers to cause denial of service, escalate privileges, conduct cross-site scripting attacks and disclose sensitive information.

Affected Versions:
Mozilla Firefox ESR version before 60.9 on Windows.

Recommendations:
Upgrade to Mozilla Firefox ESR version 60.9 or later.
Please see the references for more information.

Solution Type:
Vendor Patch

Detection Type:
Windows Registry

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database):
https://nvd.nist.gov/vuln/detail/CVE-2019-11746
https://nvd.nist.gov/vuln/detail/CVE-2019-11744
https://nvd.nist.gov/vuln/detail/CVE-2019-11742
https://nvd.nist.gov/vuln/detail/CVE-2019-11753
https://nvd.nist.gov/vuln/detail/CVE-2019-11752
https://nvd.nist.gov/vuln/detail/CVE-2019-9812
https://nvd.nist.gov/vuln/detail/CVE-2019-11743
https://nvd.nist.gov/vuln/detail/CVE-2019-11740

References:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/
https://www.mozilla.org/en-US/firefox/enterprise

Severity:
High

CVSS Score:
10.0