===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4552
         MFSA 2019-36 Security Vulnerabilities fixed in Firefox 71
                              4 December 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Firefox
Publisher:         Mozilla
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service        -- Remote with User Interaction
                   Access Confidential Data -- Remote with User Interaction
                   Reduced Security         -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-17014 CVE-2019-17013 CVE-2019-17012
                   CVE-2019-17011 CVE-2019-17010 CVE-2019-17009
                   CVE-2019-17008 CVE-2019-17005 CVE-2019-13722
                   CVE-2019-11756 CVE-2019-11745

Reference:         ESB-2019.4507
                   ESB-2019.4449

Original Bulletin:
   https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/

--------------------------BEGIN INCLUDED TEXT--------------------

Mozilla Foundation Security Advisory 2019-36

Security Vulnerabilities fixed in Firefox 71

Announced
    December 3, 2019
Impact
    high
Products
    Firefox
Fixed in
    Firefox 71

# CVE-2019-11756: Use-after-free of SFTKSession object

Reporter
    J.C. Jones
Impact
    high

Description

Improper refcounting of soft token session objects could cause a
use-after-free and crash (likely limited to a denial of service).

References

  o Bug 1508776

# CVE-2019-17008: Use-after-free in worker destruction

Reporter
    Looben Yang
Impact
    high

Description

When using nested workers, a use-after-free could occur during worker
destruction. This resulted in a potentially exploitable crash.

References

  o Bug 1546331

# CVE-2019-13722: Stack corruption due to incorrect number of arguments in
WebRTC code

Reporter
    Alexandru Michis
Impact
    high

Description

When setting a thread name on Windows in WebRTC, an incorrect number of
arguments could have been supplied, leading to stack corruption and a
potentially exploitable crash.

References

  o Bug 1580156

# CVE-2019-11745: Out of bounds write in NSS when encrypting with a block
cipher

Reporter
    Craig Disselkoen
Impact
    high

Description

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made
with data smaller than the block size, a small out of bounds write could
occur. This could have caused heap corruption and a potentially exploitable
crash.

References

  o Bug 1586176

# CVE-2019-17014: Dragging and dropping a cross-origin resource, incorrectly
loaded as an image, could result in information disclosure

Reporter
    Abdulrahman Alqabandi
Impact
    moderate

Description

If an image had not loaded correctly (such as when it is not actually an
image), it could be dragged and dropped cross-domain, resulting in a
cross-origin information leak.

References

  o Bug 1322864

# CVE-2019-17009: Updater temporary files accessible to unprivileged
processes

Reporter
    Robert Strong
Impact
    moderate

Description

When running, the updater service wrote status and log files to an
unrestricted location; potentially allowing an unprivileged process to
locate and exploit a vulnerability in file handling in the updater service.

References

  o Bug 1510494

# CVE-2019-17010: Use-after-free when performing device orientation checks

Reporter
    Nils
Impact
    moderate

Description

Under certain conditions, when checking the Resist Fingerprinting preference
during device orientation checks, a race condition could have caused a
use-after-free and a potentially exploitable crash.

References

  o Bug 1581084

# CVE-2019-17005: Buffer overflow in plain text serializer

Reporter
    Mirko Brodesser
Impact
    moderate

Description

The plain text serializer used a fixed-size array for the number of
elements it could process; however it was possible to overflow the
static-sized array leading to memory corruption and a potentially
exploitable crash.

References

  o Bug 1584170

# CVE-2019-17011: Use-after-free when retrieving a document in antitracking

Reporter
    Nils
Impact
    moderate

Description

Under certain conditions, when retrieving a document from a DocShell in the
antitracking code, a race condition could cause a use-after-free condition
and a potentially exploitable crash.

References

  o Bug 1591334

# CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3

Reporter
    Mozilla developers and community
Impact
    high

Description

Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian
Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in
Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort some of these
could have been exploited to run arbitrary code.

References

  o Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3

# CVE-2019-17013: Memory safety bugs fixed in Firefox 71

Reporter
    Mozilla developers and community
Impact
    high

Description

Mozilla developers and community members Philipp, Diego Calleja, Mikhail
Gavrilov, Jason Kratzer, Christian Holler, Markus Stange, Tyson Smith
reported memory safety bugs present in Firefox 70. Some of these bugs
showed evidence of memory corruption and we presume that with enough effort
some of these could have been exploited to run arbitrary code.

References

  o Memory safety bugs fixed in Firefox 71

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT.
The mailing list you are subscribed to is maintained within your
organisation, so if you do not wish to continue receiving these bulletins
you should contact your local IT manager. If you do not know who that is,
please send an email to auscert@auscert.org.au and we will forward your
request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting on
information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================