===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0054
         MFSA 2020-01 Security Vulnerabilities fixed in Firefox 72
                              8 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Firefox
Publisher:         Mozilla
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-17025 CVE-2019-17024 CVE-2019-17023
                   CVE-2019-17022 CVE-2019-17021 CVE-2019-17020
                   CVE-2019-17019 CVE-2019-17018 CVE-2019-17017
                   CVE-2019-17016 CVE-2019-17015 

Original Bulletin: 
   https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/

--------------------------BEGIN INCLUDED TEXT--------------------

Mozilla Foundation Security Advisory 2020-01

Security Vulnerabilities fixed in Firefox 72

Announced
    January 7, 2020
Impact
    high
Products
    Firefox
Fixed in
       Firefox 72

# CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows

Reporter
    Thomas Imbert
Impact
    high

Description

During the initialization of a new content process, a pointer offset can be
manipulated leading to memory corruption and a potentially exploitable crash in
the parent process.
Note: this issue only occurs on Windows. Other operating systems are
unaffected.

References

  o Bug 1599005

# CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting

Reporter
    Michal Bentkowski
Impact
    high

Description

When pasting a <style> tag from the clipboard into a rich text editor, the CSS
sanitizer incorrectly rewrites a @namespace rule. This could allow for
injection into certain types of websites resulting in data exfiltration.

References

  o Bug 1599181

# CVE-2019-17017: Type Confusion in XPCVariant.cpp

Reporter
    bo13oy
Impact
    high

Description

Due to a missing case handling object types, a type confusion vulnerability
could occur, resulting in a crash. We presume that with enough effort it could
be exploited to run arbitrary code.

References

  o Bug 1603055

# CVE-2019-17018: Windows Keyboard in Private Browsing Mode may retain word suggestions

Reporter
    Siye Lui
Impact
    moderate

Description

When in Private Browsing Mode on Windows 10, the Windows keyboard may retain
word suggestions to improve the accuracy of the keyboard.

References

  o Bug 1549394

# CVE-2019-17019: Python files could be inadvertently executed upon opening a download

Reporter
    Prithwishk Kumar Pal
Impact
    moderate

Description

When Python was installed on Windows, a Python file being served with the MIME
type of text/plain could be executed by Python instead of being opened as a
text file when the Open option was selected upon download.
Note: this issue only occurs on Windows. Other operating systems are
unaffected.

References

  o Bug 1568003

# CVE-2019-17020: Content Security Policy not applied to XSL stylesheets applied to XML documents

Reporter
    Matthew Somerville
Impact
    moderate

Description

If an XML file is served with a Content Security Policy and the XML file
includes an XSL stylesheet, the Content Security Policy will not be applied to
the contents of the XSL stylesheet. If the XSL stylesheet includes JavaScript,
for example, that script would bypass all restrictions of the Content Security
Policy applied to the XML document.

References

  o Bug 1597645

# CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows

Reporter
    Thomas Imbert
Impact
    moderate

Description

During the initialization of a new content process, a race condition occurs
that can allow a content process to disclose heap addresses from the parent
process.
Note: this issue only occurs on Windows. Other operating systems are
unaffected.

References

  o Bug 1599008

# CVE-2019-17022: CSS sanitization does not escape HTML tags

Reporter
    Michal Bentkowski
Impact
    moderate

Description

When pasting a <style> tag from the clipboard into a rich text editor, the CSS
sanitizer does not escape < and > characters. Because the resulting string is
pasted directly into the text node of the element, this does not result in a
direct injection into the webpage; however, if a webpage subsequently copies
the node's innerHTML and assigns it to another element's innerHTML, this would
result in an XSS vulnerability. Two WYSIWYG editors were identified with this
behavior; more may exist.

References

  o Bug 1602843

# CVE-2019-17023: NSS may negotiate TLS 1.2 or below after a TLS 1.3 HelloRetryRequest had been sent

Reporter
    Google oss-fuzz
Impact
    low

Description

After a HelloRetryRequest has been sent, the client may negotiate a lower
protocol version than TLS 1.3, resulting in an invalid state transition in the
TLS state machine. If the client gets into this state, incoming Application
Data records will be ignored.

References

  o Bug 1590001
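
As an added illustration, not code from Mozilla or NSS, the following Python models the client-side check a TLS 1.3 state machine must enforce against this class of bug: once a HelloRetryRequest has been seen, a ServerHello that does not select TLS 1.3 is rejected instead of silently continuing at a lower version. The ServerHello builder, parser and sample messages are constructed here; the HelloRetryRequest marker value and the supported_versions extension number are taken from RFC 8446.

```python
import struct

# Constants from RFC 8446. HRR_RANDOM is the ServerHello.random value that marks a
# HelloRetryRequest (section 4.1.3); the sample messages at the bottom are constructed here.
TLS12, TLS13, EXT_SUPPORTED_VERSIONS = 0x0303, 0x0304, 43
HRR_RANDOM = bytes.fromhex("CF21AD74E59A6111BE1D8C021E65B891C2A211167ABB8C5E079E09E2C8A8339C")

def build_server_hello(legacy_version, random, exts):
    """Minimal ServerHello body: empty session id echo, TLS_AES_128_GCM_SHA256, null compression."""
    ext_bytes = b"".join(struct.pack(">HH", t, len(v)) + v for t, v in exts.items())
    return (struct.pack(">H", legacy_version) + random + b"\x00\x13\x01\x00"
            + struct.pack(">H", len(ext_bytes)) + ext_bytes)

def parse_server_hello(body):
    """Return (legacy_version, random, {ext_type: ext_data}) from a ServerHello body."""
    legacy_version = struct.unpack(">H", body[:2])[0]
    pos = 35 + body[34] + 3  # skip random, session id echo, cipher suite and compression
    ext_end = pos + 2 + struct.unpack(">H", body[pos:pos + 2])[0]
    pos, exts = pos + 2, {}
    while pos < ext_end:
        etype, elen = struct.unpack(">HH", body[pos:pos + 4])
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return legacy_version, body[2:34], exts

def negotiated_version(body):
    """TLS 1.3 servers select the version in supported_versions; older ones use legacy_version."""
    legacy_version, _, exts = parse_server_hello(body)
    sv = exts.get(EXT_SUPPORTED_VERSIONS)
    return struct.unpack(">H", sv[:2])[0] if sv else legacy_version

def client_outcome(server_messages):
    """Run ServerHello bodies through a client state machine and return the outcome.
    After a HelloRetryRequest only a ServerHello selecting TLS 1.3 may be accepted."""
    hrr_seen = False
    for body in server_messages:
        version = negotiated_version(body)
        if parse_server_hello(body)[1] == HRR_RANDOM:
            if hrr_seen or version != TLS13:
                return "abort:unexpected_message"  # second HRR, or HRR not selecting 1.3
            hrr_seen = True
        elif hrr_seen and version != TLS13:
            return "abort:illegal_parameter"  # the downgrade this CVE allowed to proceed
        else:
            return "established:%#06x" % version
    return "waiting"

HRR = build_server_hello(TLS12, HRR_RANDOM, {EXT_SUPPORTED_VERSIONS: b"\x03\x04"})  # constructed
SH_TLS13 = build_server_hello(TLS12, bytes(32), {EXT_SUPPORTED_VERSIONS: b"\x03\x04"})
SH_TLS12 = build_server_hello(TLS12, bytes(32), {})  # no supported_versions: TLS 1.2
```

A fixed client answers the HRR-then-TLS-1.2 sequence with an illegal_parameter abort; the vulnerable behaviour described above corresponds to reaching the established state with version 0x0303 after the retry.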

# CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4

Reporter
    Mozilla developers
Impact
    high

Description

Mozilla developers Jason Kratzer, Christian Holler, and Bob Clary reported
memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these
bugs showed evidence of memory corruption and we presume that with enough
effort some of these could have been exploited to run arbitrary code.

References

  o Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4

# CVE-2019-17025: Memory safety bugs fixed in Firefox 72

Reporter
    Mozilla developers
Impact
    high

Description

Mozilla developers Karl Tomlinson, Jason Kratzer, Tyson Smith, Jon Coppeard,
and Christian Holler reported memory safety bugs present in Firefox 71. Some of
these bugs showed evidence of memory corruption and we presume that with enough
effort some of these could have been exploited to run arbitrary code.

References

  o Memory safety bugs fixed in Firefox 72

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================