AUSCERT Security Bulletin
MFSA 2019-33/34 Security vulnerabilities fixed in - Firefox 70
23 October 2019
AusCERT Security Bulletin Summary
Product:           Mozilla Firefox
                   Mozilla Firefox ESR
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Privileged Data          -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
CVE Names:         CVE-2019-15903 CVE-2019-11764 CVE-2019-11763
                   CVE-2019-11762 CVE-2019-11761 CVE-2019-11760
                   CVE-2019-11759 CVE-2019-11758 CVE-2019-11757
Member content until: Friday, November 22 2019
Multiple vulnerabilities have been identified in Mozilla Firefox
versions prior to 70, Firefox ESR versions prior to 68.2 and 60.9.
The vendor has provided the following details regarding the
" #CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
In libexpat before 2.2.8, crafted XML input could fool the parser into changing
from DTD parsing to document parsing too early. A subsequent call to
XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a
heap-based buffer over-read.
o Bug 1584907
#CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
When following the value's prototype chain, it was possible to retain a
reference to a locale, delete it, and subsequently reference it. This resulted
in a use-after-free and a potentially exploitable crash.
o Bug 1577107
#CVE-2019-11758: Potentially exploitable crash due to 360 Total Security
Mozilla developers and community
Mozilla community member Philipp reported a memory safety bug present in
Firefox 68 when 360 Total Security was installed. This bug showed evidence of
memory corruption in the accessibility engine and we presume that with enough
effort it could be exploited to run arbitrary code.
o Bug 1536227
#CVE-2019-11759: Stack buffer overflow in HKDF output
An attacker could have caused 4 bytes of HMAC output to be written past the end
of a buffer stored on the stack. This could be used by an attacker to execute
arbitrary code or more likely lead to a crash.
o Bug 1577953
#CVE-2019-11760: Stack buffer overflow in WebRTC networking
A fixed-size stack buffer could overflow in nrappkit when doing WebRTC
signaling. This resulted in a potentially exploitable crash in some instances.
o Bug 1577719
#CVE-2019-11761: Unintended access to a privileged JSONView object
By using a form with a data URI it was possible to gain access to the
privileged JSONView object that had been cloned into content. Impact from
exposing this object appears to be minimal, however it was a bypass of existing
defense in depth mechanisms.
o Bug 1561502
#CVE-2019-11762: document.domain-based origin isolation has
If two same-origin documents set document.domain differently to become
cross-origin, it was possible for them to call arbitrary DOM methods/getters/
setters on the now-cross-origin window.
o Bug 1582857
#CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
Failure to correctly handle null bytes when processing HTML entities resulted
in Firefox incorrectly parsing these entities. This could have led to HTML
comment text being treated as HTML which could have led to XSS in a web
application under certain conditions. It could have also led to HTML entities
being masked from filters - enabling the use of entities to mask the actual
characters of interest from filters.
o Bug 1584216
#CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
Mozilla developers and community
Mozilla developers and community members Bob Clary, Jason Kratzer, Aaron Klotz,
Iain Ireland, Tyson Smith, Christian Holler, Steve Fink, Honza Bambas, Byron
Campen, and Cristian Brindusan reported memory safety bugs present in Firefox
69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory
corruption and we presume that with enough effort some of these could be
exploited to run arbitrary code.
o Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 "
The vendor recommends upgrading to the latest versions to address
these issues. 
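Added example (not part of the AusCERT bulletin or Mozilla's advisories): a Python check that classifies reported Firefox version strings against the versions this bulletin names (70, ESR 68.2, ESR 60.9). The host names and inventory values are constructed, and the "esr" suffix in the version string is assumed to mark ESR builds.

```python
import re

# Thresholds as stated in this bulletin: affected means "prior to" these.
FIXED_RELEASE = (70, 0)
FIXED_ESR_68 = (68, 2)
FIXED_ESR_60 = (60, 9)

# Matches e.g. "Mozilla Firefox 69.0.3", "68.1.0esr", "Mozilla Firefox 60.8.0esr"
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.\d+)*(esr)?\b", re.IGNORECASE)


def classify(version_string):
    """Return 'affected', 'fixed' or 'unknown' for one reported version."""
    m = _VERSION_RE.search(version_string or "")
    if not m:
        return "unknown"  # never treat an unparsable value as patched
    ver = (int(m.group(1)), int(m.group(2)))
    if m.group(3):  # ESR build: pick the threshold for its branch
        floor = FIXED_ESR_68 if ver[0] >= 68 else FIXED_ESR_60
    else:
        floor = FIXED_RELEASE
    return "affected" if ver < floor else "fixed"


def hosts_needing_update(inventory):
    """Map host -> status for every host that is not confirmed fixed."""
    result = {}
    for host, reported in inventory.items():
        status = classify(reported)
        if status != "fixed":
            result[host] = status
    return result


# Constructed sample inventory (host names and values are illustrative only).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 69.0.3",
    "ws-02": "Mozilla Firefox 70.0",
    "ws-03": "Mozilla Firefox 68.1.0esr",
    "ws-04": "Mozilla Firefox 68.2.0esr",
    "ws-05": "Mozilla Firefox 60.8.0esr",
    "ws-06": "firefox: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(hosts_needing_update(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" are kept in the follow-up list so that a failed inventory query is not mistaken for a patched host.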
 MFSA 2019-34 Security vulnerabilities fixed in - Firefox 70
 MFSA 2019-33 Security vulnerabilities fixed in - Firefox ESR 68.2
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: firstname.lastname@example.org
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.